
Volume 313, Issue 2 · IT Vendor News · Red Hat

Understanding The Red Hat Security Impact Scale

Red Hat News, Wednesday, April 10th, 2024

Red Hat uses a four-point impact scale to classify security issues affecting our products. Have you ever asked yourself what it takes and what the requirements are for each point of the scale? We will talk through the highlights of our process in this article.

First and foremost, what is a CVE? Short for Common Vulnerabilities and Exposures, it is a list of publicly disclosed computer security flaws. Learn more in this Red Hat post.

To receive a severity rating, the issue needs to be a CVE. But what does it take to be a CVE? In order to warrant a CVE ID, a vulnerability has to compromise one or more of the three pillars of the CIA triad: Confidentiality, Integrity and Availability.

If the issue doesn't directly compromise any of these three pillars, the issue is not a CVE. It might be a weakness, but it is not a CVE.
