The CVSS is a free and open industry standard for determining the severity of a vulnerability. When defining the vulnerability in the context of its severity, we need to categorize the vulnerability based on the CVSS score calculation. This subsection will introduce the client to the CVSS and the version we'll be using in the report. At the time of writing, CVSS is at version CVSS v3.1, which was released in June 2019.