Re: [Dailydave] Vuln scoring system anyone?

From: Blue Boar (BlueBoar@thievco.com)
Date: Tue Mar 01 2005 - 15:22:14 CST


security curmudgeon wrote:
> What if someone posted a Snort signature for a new vuln before a vendor
> ack'd it? You have no proof that it's a valid vulnerability yourself, but
> you have a detailed advisory from a reputable security researcher and a
> respected snort sig writer that tested the vulnerability and wrote a
> signature to monitor for exploitation.
>
> That has to count for something, yes?

Yes, it counts for something. However, it's not the sort of easy thing
to weight when creating a simplistic scoring system. It's not a nice
easy binary state like "vendor ack". At best, it gets oversimplified
into something like "seen in the wild" or "anecdotal evidence".

I'm not saying you don't pay attention to it, I'm just saying it's not
simple enough to get included in a lot of ratings schemes. And yes,
that's a failing of the rating scheme to not capture and weigh all
available information.

                                        BB
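As an added illustration of the trade-off described in the message above (this is example code written for this archive page, not code from the original post, from Blue Boar, or from any real rating scheme): a one-bit "vendor ack" flag, the coarse bucket that third-party evidence usually gets flattened into, and an evidence-weighted alternative that combines independent witnesses with noisy-OR and refuses to double-count a signature that was merely transcribed from the advisory it is supposed to corroborate. The reliability numbers and scenario names are assumptions chosen for the illustration, not measurements.

```python
"""Illustrative vulnerability-report confidence scoring.

Constructed example: the reliability numbers are made-up weights, chosen
only to show how a binary 'vendor ack' state discards evidence that an
evidence-weighted scheme can keep.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Evidence:
    source: str                  # who made the claim
    kind: str                    # vendor_ack | advisory | tested_signature | rumor
    reliability: float           # assumed P(claim is correct), 0..1, illustrative
    chain: Optional[str] = None  # items that restate another item share its chain


def binary_ack_score(evidence) -> float:
    """The simplistic scheme: one yes/no state, 'has the vendor acknowledged it'."""
    return 1.0 if any(e.kind == "vendor_ack" for e in evidence) else 0.0


def bucket_score(evidence) -> str:
    """Coarse buckets into which third-party evidence tends to get flattened."""
    kinds = {e.kind for e in evidence}
    if "vendor_ack" in kinds:
        return "vendor confirmed"
    if kinds & {"tested_signature", "advisory"}:
        return "anecdotal evidence"
    return "unconfirmed"


def evidence_confidence(evidence) -> float:
    """Combine independent witnesses with noisy-OR: 1 - prod(1 - p_i).

    Items sharing a chain (a signature written from the advisory text
    without testing the bug) are not independent witnesses; only the
    strongest item in a chain counts, so a claim repeated three times
    does not triple its weight.
    """
    strongest = {}
    for i, e in enumerate(evidence):
        key = e.chain if e.chain is not None else f"independent-{i}"
        strongest[key] = max(strongest.get(key, 0.0), e.reliability)
    p_all_wrong = 1.0
    for p in strongest.values():
        p_all_wrong *= 1.0 - p
    return round(1.0 - p_all_wrong, 4)


# Constructed scenarios (the numbers are assumptions, not data).
VENDOR_ACK_ONLY = [Evidence("vendor", "vendor_ack", 0.95)]

# The case from the thread: detailed advisory plus a signature whose
# author actually tested the vulnerability, no vendor ack yet.
SIG_BEFORE_ACK = [
    Evidence("reputable researcher", "advisory", 0.80),
    Evidence("respected sig writer", "tested_signature", 0.70),
]

# Same advisory, but the signature was only transcribed from it (same chain).
SIG_UNTESTED = [
    Evidence("reputable researcher", "advisory", 0.80, chain="adv-1"),
    Evidence("sig writer", "tested_signature", 0.70, chain="adv-1"),
]

RUMOR_ONLY = [Evidence("anonymous post", "rumor", 0.20)]


if __name__ == "__main__":
    for name, ev in [("vendor ack only", VENDOR_ACK_ONLY),
                     ("sig before ack", SIG_BEFORE_ACK),
                     ("untested sig", SIG_UNTESTED),
                     ("rumor only", RUMOR_ONLY)]:
        print(f"{name:16s} binary={binary_ack_score(ev):.0f} "
              f"bucket={bucket_score(ev):18s} "
              f"confidence={evidence_confidence(ev):.2f}")
```

The binary scheme rates the tested-signature case exactly like a rumor (0), and the bucket scheme lumps a tested signature together with an untested one; the weighted scheme separates all four while still ranking the vendor ack highest. The independence assumption behind noisy-OR is the caveat: without the chain check, a signature that only restates the advisory would inflate confidence from 0.80 to 0.94.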
_______________________________________________
Dailydave mailing list
Dailydave@lists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave