Published: 2007-06-20
The Forum of Incident Response and Security Teams (FIRST) announced on Wednesday a revised version of the Common Vulnerability Scoring System (CVSS), which modifies the ranking system's recipe for judging the severity of software flaws.
The latest system, CVSS version 2, rejiggers the formula used to calculate vulnerability ratings based on feedback from users and security researchers. Announced in February 2005, the Common Vulnerability Scoring System gives flaws a base severity grade and modifies the rating based on environmental factors -- such as whether a company has the vulnerable system deployed -- and temporal factors -- such as whether the issue has been patched.
More than a dozen members of FIRST, which manages and develops the rating system, collaborated on the changes over the past year.
"CVSS v2 is a significant improvement over the original version," Gavin Reid, chair of the CVSS Special Interest Group in FIRST, said in a statement. "It reduces inconsistencies, provides additional granularity, and more accurately reflects the wide variety of vulnerabilities."
The Common Vulnerability Scoring System has gained popularity, especially among government users, as a method of ranking and prioritizing vulnerabilities. The National Vulnerability Database, a U.S. government project to catalog major software issues, adopted the ranking system, has assigned almost 25,000 flaws a base CVSS ranking, and provides tools to calculate the environmental and temporal scores. The project also announced on Wednesday that it would be fully supporting CVSS version 2.
The Common Vulnerability Scoring System (CVSS) was originally the brainchild of researchers at networking giant Cisco Systems, security assessment firm Qualys, and security software company Symantec, the owner of SecurityFocus.
Posted by: Robert Lemos
