Re: Interactive Vulnerability Scoring System

[Dave Aitel <dave () immunitysec com>]

Just for kicks, VSC's current score is 84.9 and our current average is 
7.7 :> If I had more than 15 minutes spare, I'd draw a floating average 
and do some real statistics but I don't.

Also, I noted a few problems with the system as a whole. It's clumpy, 
which means it needs more metrics, and they need to be more specific. 
Also, what if a bug is patched but unknown? There are a lot of questions 
left unanswered that affect how interesting a vulnerability is. Anyways, 
I did a quick sample just for humor's sake.

Please note: You cannot post to the list without being subscribed. This 
list gets more spam than I can handle wading through. There's no 
"content" moderation of  DD though, so don't feel slighted.

IMHO,
Dave Aitel
Senior Policy Analyst
Immunity, Inc.

Brian Erdelyi wrote:

> My obsession with the Common Vulnerability Scoring
> System (CVSS) continues.
>
> I've now created a web-based Interactive Common
> Vulnerability Scoring System at
> http://www.securityhive.com/index.php?module=ContentExpress&func=display&ceid=3
>
> Next will be to make it more user friendly with some
> links and references from the final CVSS report.
>
> Brian Erdelyi
>
>
>         
>                 


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave