{"id":998868,"date":"2023-11-02T15:34:55","date_gmt":"2023-11-02T17:34:55","guid":{"rendered":"https:\/\/teknomers.com\/fr\/first-annonce-cvss-4-0-un-nouveau-systeme-de-notation-des-vulnerabilites\/"},"modified":"2023-11-02T15:35:01","modified_gmt":"2023-11-02T17:35:01","slug":"first-annonce-cvss-4-0-un-nouveau-systeme-de-notation-des-vulnerabilites","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/first-annonce-cvss-4-0-un-nouveau-systeme-de-notation-des-vulnerabilites\/","title":{"rendered":"FIRST Announces CVSS 4.0 \u2013 a New Vulnerability Scoring System"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">02 November 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Newsroom<\/span><\/span><span class=\"p-tags\">Vulnerability Assessment<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>The Forum of Incident Response and Security Teams (FIRST) has officially announced <a rel=\"nofollow noopener\" href=\"https:\/\/www.first.org\/cvss\/\" target=\"_blank\">CVSS v4.0<\/a>, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015.<\/p>\n<p>&#8220;This latest version of <a rel=\"nofollow noopener\" href=\"https:\/\/www.first.org\/cvss\/specification-document\" target=\"_blank\">CVSS4.0<\/a> seeks to provide the highest fidelity of vulnerability assessment for both industry and the public,&#8221; FIRST <a rel=\"nofollow noopener\" href=\"https:\/\/www.first.org\/newsroom\/releases\/20231101\" target=\"_blank\">said<\/a> in a statement.<\/p>\n<p>CVSS essentially provides a way to capture the principal technical characteristics of a security vulnerability and produce a numerical score denoting its severity. The score can be translated into various levels, such as low, medium, high, and critical, to help organizations prioritize their vulnerability management processes.<\/p>\n
<p>One of the main updates in CVSS v3.1, <a rel=\"nofollow noopener\" href=\"https:\/\/www.first.org\/newsroom\/releases\/20190712\" target=\"_blank\">released<\/a> in July 2019, was to <a rel=\"nofollow noopener\" href=\"https:\/\/www.first.org\/cvss\/v3.1\/user-guide\" target=\"_blank\">emphasize and clarify<\/a> that &#8220;CVSS is designed to measure the severity of a vulnerability and should not be used alone to assess risk.&#8221;<\/p>\n<p>CVSS v3.1 also <a rel=\"nofollow noopener\" href=\"https:\/\/www.first.org\/cvss\/v4-0\/cvss-v40-presentation.pdf\" target=\"_blank\">drew criticism<\/a> for a general lack of granularity in the scoring scale and for failing to adequately represent health, human safety, and industrial control systems.<\/p>\n<p>The <a rel=\"nofollow noopener\" href=\"https:\/\/www.first.org\/cvss\/v4.0\/user-guide\" target=\"_blank\">latest revision<\/a> to the standard aims to address some of these shortcomings by providing several supplemental metrics for vulnerability assessment, such as Safety (S), Automatable (A), Recovery (R), Value Density (V), Vulnerability Response Effort (RE), and Provider Urgency (U).<\/p>\n
<p>It also introduces a new nomenclature to enumerate CVSS scores using a combination of Base (CVSS-B), Base + Threat (CVSS-BT), Base + Environmental (CVSS-BE), and Base + Threat + Environmental (CVSS-BTE) severity ratings.<\/p>\n<p>The idea, FIRST <a rel=\"nofollow noopener\" href=\"https:\/\/www.first.org\/cvss\/v4-0\/index.html\" target=\"_blank\">said<\/a>, is to &#8220;reinforce the concept that CVSS is not just the Base score,&#8221; adding &#8220;this nomenclature should be used wherever a numerical CVSS value is displayed or communicated.&#8221;<\/p>\n<p>&#8220;The CVSS Base score should be supplemented with an analysis of the environment (Environmental Metrics) and with attributes that may change over time (Threat Metrics),&#8221; it further noted.<\/p>\n<\/div>\n<p><a href=\"https:\/\/thehackernews.com\/2023\/11\/first-announces-cvss-40-new.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>02 November 2023 | Newsroom | Vulnerability Assessment | The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015. 
&#8220;This latest version of CVSS4.0 seeks to provide the highest [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":998869,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[200292,349,4168,206507,4165,4161,200267,133,4159,4171,200271,200268,5968,680,200269,200270,128318,4172,4169,2622,4166,4164,12365],"class_list":["post-998868","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-actualites-sur-la-cybersecurite","tag-annonce","tag-comment-pirater","tag-cvss","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-cyberactualites","tag-des","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-logiciel-malveillant-rancongiciel","tag-mises-a-jour-sur-la-cybersecurite","tag-notation","tag-nouveau","tag-nouvelles-des-pirates","tag-nouvelles-sur-le-piratage","tag-securite-des-informations","tag-securite-informatique","tag-securite-internet","tag-systeme","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-vulnerabilites"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/998868","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=998868"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/998868\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/998869"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=998868"}],"wp:term":[{"taxonomy":"category","embeddable":true,"h
ref":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=998868"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=998868"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}