The purpose of this study is to analyze the difference between Common Vulnerability Scoring System (CVSS) version 2 and version 3 scores. This study uses CVSSv2 and CVSSv3 scores provided by the National Vulnerability Database (NVD). A total of 745 vulnerabilities were analyzed (each of the vulnerabilities is identified by a Common Vulnerability and Exposure (CVE) identifier). The goal is to identify the percentage of vulnerabilities, which score increased or decreased, based on the two versions of the protocol (CVSSv2 vs. CVSSv3). - View it on GitHub