Penetration Testing mailing list archives
RE: Security Grade
From: "Malhoit, Lauren" <Lauren.Malhoit () tylertech com>
Date: Fri, 7 Dec 2007 12:49:11 -0500
I think it's all pretty relative. Microsoft recommends doing either a qualitative risk analysis or quantitative (or both). In one case you assign the odds of the risk of a specific attack a number (1-10) and assign the severity of the risk a number (i.e. will it cause business to shut down or something). Then you multiply those two numbers and it gives you a risk assessment. In the other case, you actually take the odds of how many times a year a risk might happen

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of 11ack3r
Sent: Thursday, December 06, 2007 6:18 AM
To: pen-test () securityfocus com
Subject: Security Grade

Hi,

Is there a security criteria or matrix against which we could grade customer's pen test results? Like assigning them grade between A to E or 1 to 10.

*.*

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------