Thanks to aconite33 @zeekzack and some Serpico team integration, Serpico now supports CVSS version 3. Enabling CVSSv3 reporting is as simple as going to the Administration menu -> Modify Configurations, and selecting CVSS3 as the Risk Scoring Algorithm.
Now that CVSS3 is enabled, when you edit or add a finding you’ll see the new metric names.
Last but not least, there is a button “CVSS Vector String” which will automatically update the metric value based on a vector string. As an example:
To round out the new CVSS 3 scoring, we have included a CVSS 3 report template. A copy of the template report can found at CVSSv3 Report Template, or pulled directly from the main Serpico repository.
If you’re at Black Hat next week stop by and check out these new features in action. We’ll be at the Arsenal track on Thursday, July 27th from 10:00am-11:20am.