
Faction Severity Rating and CVSS Scoring


FACTION's severity rankings are easily customizable to how you perform assessments. You can even create different severity options for the type of assessment.

FACTION has 3 options to choose from:

  1. Native Severity - This is simply High, Medium, Low, etc. type rankings. FACTION lets you set up to 10 levels and rename them to anything that works for your process.
  2. CVSS 3.1 - This option enables First.org CVSS 3.1 Severity Scoring and was introduced in FACTION 1.2.
  3. CVSS 4.0 - This option enables First.org CVSS 4.0 Scoring and was introduced in FACTION 1.2.

Native Severity Ranking

By default, assessments are enabled with Native Severity Ranking. You can choose up to 10 levels. The most common severity names are pre-populated when you install FACTION. You are free to change these names to anything you wish. If your process uses a different nomenclature, you can, for example, change Critical to P1 and High to P2.

You can find this setting in Templates -> Default Vulnerabilities.

When Native Severity Ranking is enabled, the following options are available when adding a new vulnerability:

Changing the Severity Scoring System

The severity scoring system is set for each assessment type. You can change this or create new assessment types by navigating to Admin -> Settings:

Notice above that each assessment has a different scoring system. To change the assessment scoring system, simply click the edit button and select the scoring system from the drop-down.

CVSS 3.1 and 4.0 Severity Ranking

When changing the scoring system to CVSS 3.1 or 4.0, it changes the vulnerability UI and adds CVSS Calculators to the page.

Clicking on the calculator button next to the CVSS Vector will open a dialog that will build the CVSS vector for you and update the score.