Re: [Dailydave] Vuln scoring system anyone?

From: Brian (bmcsnort.org)
Date: Tue Mar 01 2005 - 14:51:59 CST


On Tue, Mar 01, 2005 at 03:40:11PM -0500, security curmudgeon wrote:
> What if someone posts to an incident list that they got owned by
> this vuln, but the vendor hasn't ack'd it?

I wouldn't trust randoms on an incident list to know what
vulnerability caused the incident they are investigating.

If you see an email to bugtraq saying:
    "I found a vuln in SSH."

And someone else sends an email to incidents:
    "I only run SSH and got owned via SSH."

Then you've got a new confirmed vulnerability? Not hardly.

Brian
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave