The Common Vulnerability Scoring System has a lot of critics, but experts say it’s still the best unified way to share the severity of cybersecurity flaws.