Dailydave mailing list archives
Vuln scoring system anyone?
From: Tom Parker <tom () rooted net>
Date: Fri, 25 Feb 2005 23:23:44 +0000
So what are peoples thoughts on: http://www.newscientist.com/article.ns?id=dn7040 It strikes me that although it may be a good idea to try and rate a vulnerability based on its severity, using metrics which measure factors such as ease of exploitation, initial levels of access required etc, rating the "urgency" of an issue (which sounds like remediation prioritization to me), solely on the severity seems like a mistake. People are going to use these ratings to prioritize remediation, and yet their metrics seem to say nothing about the respective asset. Perhaps I've missed the point of the system here; this is a topic I gas about all of the time, so I wont bore you - I'm just curious to hear what people think. Peace, -Tom _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Official Immunity Defcon Clothing! Holden Williamson (Feb 25)
- Re: Official Immunity Defcon Clothing! Dave Aitel (Feb 25)
- Re: Official Immunity Defcon Clothing! Holden Williamson (Feb 25)
- Vuln scoring system anyone? Tom Parker (Feb 25)
- Re: Vuln scoring system anyone? security curmudgeon (Feb 25)
- Re: Vuln scoring system anyone? Dragos Ruiu (Feb 25)
- Re: Vuln scoring system anyone? robert (Feb 26)
- Re: Vuln scoring system anyone? Florian Weimer (Feb 26)
- Re: Vuln scoring system anyone? Ron Gula (Feb 26)
- Re: Official Immunity Defcon Clothing! Holden Williamson (Feb 25)
- Re: Official Immunity Defcon Clothing! Dave Aitel (Feb 25)