The University of SydneyPage 15Vulnerabilities–The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities.–CVSS consists of three metric groups: Base, Temporal, and Environmental–The Basegroup represents the intrinsic qualities of a vulnerability–The Temporalgroup reflects the characteristics of a vulnerability that change over time–The Environmentalgroup represents the characteristics of a vulnerability that are unique to a user's environment