Where are my VM folks at? CVSS v4.0! Some takeaways reading the brief change list…

• Emphasis that scoring is not just the Base metrics but in order to get an accurate score you need to consider temporal/environmental scores. Awesome and so true.
• Attack Requirements (AT) seems useful given so much of what the “likelihood” of a successful attack is dependent on how likely it is for the attacker to meet all requirements.
• Temporal renamed to “Threat metric”. Don’t like…
• RL and RC deprecated. Good. Never liked those
• More emphasis on OT vs IT which is great!

Thanks to @forgetful@infosec.exchange for tootin’ about it!