Which scoring system is used to assess vulnerabilities?

Prepare for the Information Systems and Controls (ISC) CPA Exam. Study with flashcards and multiple-choice questions, each with hints and explanations. Get ready to excel!

The Common Vulnerability Scoring System (CVSS) is the established framework used to assess and quantify vulnerabilities within software and systems. CVSS provides a standardized approach to evaluating the severity of security vulnerabilities by producing a numerical score, which facilitates the prioritization of remediation efforts based on the potential impact and exploitability of the vulnerabilities.

CVSS scores are derived from several factors that assess how a vulnerability can be exploited and the impact it would have on the system. These include metrics such as attack vector, complexity, and the potential impact on confidentiality, integrity, and availability. This standardized scoring gives organizations and security professionals a consistent understanding of the severity of vulnerabilities, lets them compare vulnerabilities, and supports informed decisions about patching and resource allocation.

The other options mentioned may represent various frameworks and methodologies related to risk assessment and management, but they do not specifically address the scoring of vulnerabilities in the concise and widely accepted manner that CVSS does. Thus, choosing CVSS reflects the industry standard for vulnerability assessment.
