Penetration Testing mailing list archives

Re: Vulnebrability level definition

From: raymond <ip_raymond () yahoo com>
Date: Fri, 14 Feb 2003 07:27:01 -0800 (PST)

Hi,

I think that we should not be mixing the vulnerability
and risk together. Vulnerability is the weakness of a
design or system to be exploited. The risk is loss in
case it happens...

Therefore, CVE is all refering to Vulnerability. If
you put up a MSQL Server in a standalone machine
without any LAN connection. Is this a risk ?


__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Vulnebrability level definition Andres Martinez (Feb 11)
- RE: Vulnebrability level definition Greg Reber (Feb 11)
- Re: Vulnebrability level definition R. DuFresne (Feb 11)
- <Possible follow-ups>
- Re: Vulnebrability level definition Per Niila Albinsson (Feb 11)
  - Re: Vulnebrability level definition Damir Rajnovic (Feb 12)
    - RE: Vulnebrability level definition Rob Shein (Feb 12)
    - RE: Vulnebrability level definition Damir Rajnovic (Feb 13)
    - RE: Vulnebrability level definition Rob Shein (Feb 14)
- Re: Vulnebrability level definition Steven M. Christey (Feb 12)
  - Re: Vulnebrability level definition raymond (Feb 14)
- RE: Vulnebrability level definition Milton . Keath (Feb 12)
- Re: Vulnebrability level definition Per Niila Albinsson (Feb 13)
- RE: Vulnebrability level definition Shawn Bernard (Feb 13)
- RE: Vulnebrability level definition Kohlenberg, Toby (Feb 14)