Use CVSS Version 3 as the Default for Vulnerability Scoring

Results are calculated according to common vulnerability scoring system (CVSS) 2 by default. You can change the setting so that the vulnerability count for applications is based on CVSS 3. Here's how:

1. From the Shortcuts, select Account settings

2. Under Bill of Materials > CVSS scoring, select the drop-down menu under Set CVSS v3 version

Note that CVSS 3 will display both CVSS 3.0 and 3.1 scores.

When you change the CVSS version:

• Any user can still toggle between CVSS 2 and 3 on the Vulnerability analysis tab.

• Both scores are visible in the detailed view of a component, although only one set of scores is applied to the final vulnerability count.