The National Vulnerability Database (NVD) is an external data source that provides information about all Common Vulnerabilities and Exposures (CVE) entries and their severity levels.
A security update is an update that contains at least one CVE, which is a weakness in the code that attackers can use to break into computer systems. Since each CVE has a different severity level, the National Vulnerability Database should be used to determine its security severity accordingly. For this solution, the team created an internal database by mirroring the NVD. Currently, the security severity is classified into five categories:
- Low: 0.1-3.9
- Medium: 4.0-6.9
- High: 7.0-8.9
- Critical: 9.0-10.0
Figure 4 is an example of a CVE from the NVD. CVE-2020-9558 is a CVE in Adobe Bridge, and its base score (which determines the security severity) is 3.3, which places it in the Low category.
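The lookup described above, as an added example that is not the team's own code: it reads base scores from a mirrored NVD record and rates a security update by its CVEs. Assumptions: the mirror stores records in the NVD API 2.0 JSON layout (`metrics.cvssMetricV31`), an update takes the band of its highest-scoring CVE, the "None" band (0.0) comes from the CVSS v3.x scale, and the `CVE-0000-*` entries are constructed placeholders.

```python
# Bands from the list above. "None" (0.0) is assumed from the CVSS v3.x
# rating scale; the page's list does not show it.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "None")]

# Constructed mirror in the NVD API 2.0 record layout. Only the 3.3 score of
# CVE-2020-9558 comes from the page; the CVE-0000-* entries are placeholders.
MIRROR = {
    "CVE-2020-9558": {"cve": {"id": "CVE-2020-9558", "metrics": {"cvssMetricV31": [
        {"type": "Primary", "cvssData": {"baseScore": 3.3}}]}}},
    "CVE-0000-0001": {"cve": {"id": "CVE-0000-0001", "metrics": {"cvssMetricV31": [
        {"type": "Secondary", "cvssData": {"baseScore": 5.0}},
        {"type": "Primary", "cvssData": {"baseScore": 7.8}}]}}},
    "CVE-0000-0002": {"cve": {"id": "CVE-0000-0002", "metrics": {}}},  # not yet scored
}

def severity(score):
    """Map a base score to its band; reject values outside 0.0-10.0."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"base score out of range: {score!r}")
    return next(label for floor, label in BANDS if score >= floor)

def base_score(record):
    """CVSS v3.x base score of one mirrored record, or None if it has none."""
    metrics = record.get("cve", {}).get("metrics", {})
    for key in ("cvssMetricV31", "cvssMetricV30"):
        # Prefer the NVD ("Primary") assessment over a "Secondary" one.
        entries = sorted(metrics.get(key, []), key=lambda e: e.get("type") != "Primary")
        if entries:
            return entries[0]["cvssData"]["baseScore"]
    return None

def classify_update(cve_ids, mirror=MIRROR):
    """Rate an update by its highest-scoring CVE (assumed policy).

    Returns (label, unscored): CVEs missing from the mirror or lacking a v3
    score are reported, never silently treated as 0.0.
    """
    scores, unscored = [], []
    for cve_id in cve_ids:
        record = mirror.get(cve_id)
        score = base_score(record) if record else None
        if score is None:
            unscored.append(cve_id)
        else:
            scores.append(score)
    label = severity(max(scores)) if scores else "Unknown"
    return label, unscored
```

CVEs returned in the `unscored` list need manual review before the update's rating is trusted, since a missing score says nothing about actual severity.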