Fragmentation of CVSS scores in the NVD: A quantitative analysis of inconsistency across vulnerability scoring standards

This research paper analyzes inconsistencies in CVSS scores (numerical ratings that measure how serious software vulnerabilities are) within the NVD (National Vulnerability Database, a public repository of known security flaws). The study found that the same vulnerability often receives different CVSS scores depending on which scoring standard or organization assigns the rating, revealing a fragmentation problem in how vulnerability severity is measured and reported.