What is libcvss ?

libcvss is a Rust implementation of the CVSS specification. It leverages Rust to provide a CVSS implementation focused on both performance and correctness.

What is CVSS ?

The official CVSS website describes CVSS this way:

The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

Features

• All non-deprecated versions of CVSS (2.0, 3.0, 3.1) are supported.
• CVSS vectors can be parsed from a string slice, or constructed programmatically.
• Parsing can be done in strict or non-strict mode : strict mode requires all fields inside the vector string to be present in canonical order. In non-strict mode the parser will do its best to construct a CVSS vector from what it can find in the input: fields can be repeated, in the wrong order, etc.
• Score associated with a CVSS vector can be computed for base, temporal or environmental vectors.
• libcvss can parse thousands of CVSS vectors per second.

  Test infrastructure and reliability

Correctness and reliability are an important focus of libcvss. - All official examples from all versions of the CVSS specification are implemented as integration tests. We pledge to have these tests pass on master at all time. - An optional integration test downloads the NVD data for every CVE vulnerability disclosed since 2007, parses the associated CVSS vectors (in both V2 and V3 version when available), computes the associated severity scores and compares it to the scores provided by NVD. We pledge to have this test pass on all libcvss releases.