Re: [Dailydave] Vuln scoring system anyone?

From: Brian Erdelyi (brian_erdelyiyahoo.com)
Date: Tue Mar 01 2005 - 19:07:05 CST


> But with my confidential information (i.e:
> passwords) I can do that.
>
> The point is this vuln could lead to all those
> things; (a break in

CVSS does have a "Collateral Damage Potential" in the
environmental score. The dilemma is that this does not
have as much an impact as some might like (or expect).
I think it is a reasonable assumption to constrain
the base and temporal scores to direct or immediate
impact, not a two-staged attack.

> Or aren't passwords considered as "confidential"? Is
> that meant only
> for non-password related info? (Credit card numbers,
> bank accounts,
> trades, etc)

This is an excellent scenario and definitely worth
considering how to address (even if it's in better
awareness and setting expectations about what the
score actually means).

Brian Erdelyi

_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave