„Carnegie Mellon University's Software Engineering Institute (SEI), in collaboration with CISA, created the Stakeholder-Specific Vulnerability Categorization (SSVC) system in 2019 to provide the cyber community a vulnerability analysis methodology that accounts for a vulnerability's exploitation status, impacts to safety, and prevalence of the affected product in a singular system.“
Last week, a rating guide on how to use the #SSVC was published by CISA.

SSVC: https://www.cisa.gov/ssvc
Guide: https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf