Re: Vulnebrability level definition

["R. DuFresne" <dufresne () sysinfo com>]

Part of this depends upon the technical savvy of the folks you are trying
to communicatew with.  And there is prolly alot of confusion with various
rating methods in place depending upon whence one seeks such info, nessus
I think uses params much like you state here, I think mitre.org uses
something a tad different, while SAN' weekly vulnerability assessments
look to rate much as you do here.  I kinda like the SANS rating methid and
would suggest that might work as a template for you to go by.


Thanks,

Ron DuFresne

On Tue, 11 Feb 2003, Andres Martinez wrote:

> I need a good definition for the levels of severity related with
> vulnerabilities
> I'm using Very High, High, Mid , Low, Warning
>
> Any documentation, definition or Internet URL will be appreciated
>
> Tks
>
> Andres M
>
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/