http://blogs.technet.com/security/archive/2007/11/02/severity-rating-systems-part-1.aspxRead the full Part 1 on CSOonline . Recently, Red Hat has raised some objections to my use in analysis of the High, Medium and Low severity ratings as determined by the National Institute of Standards (NIST) for the National Vulnerability Database (NVD)enCommunityServer 2.1 SP1 (Build: 61025.2)