We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?
Because it gives an easy and quick method of identifying their severity. However, as Jake says above, if you only rely on the CVSS then you're doing it wrong.
Biting the hand that feeds IT
