[Dailydave] Vuln scoring system anyone?

From: Tom Parker (tomrooted.net)
Date: Fri Feb 25 2005 - 17:23:44 CST


So what are people's thoughts on:

http://www.newscientist.com/article.ns?id=dn7040

It strikes me that although it may be a good idea to try and rate a vulnerability based on its severity,
using metrics which measure factors such as ease of exploitation, initial levels of access required etc,
rating the "urgency" of an issue (which sounds like remediation prioritization to me), solely on the
severity seems like a mistake. People are going to use these ratings to prioritize remediation, and yet
their metrics seem to say nothing about the respective asset. Perhaps I've missed the point of the system
here; this is a topic I gas about all of the time, so I won't bore you - I'm just curious to hear what people
think.

Peace,

-Tom

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave