Dailydave mailing list archives

Re: Re: Dailydave Digest, Vol 22, Issue 2

From: security curmudgeon <jericho () attrition org>
Date: Tue, 1 Mar 2005 20:06:42 -0500 (EST)


: > as i mentioned in another mail to you, how do you
: > classify a remote 
: > overflow? if you use the standard CIA measure, it is
: 
: CVSS is still maturing.  As more vulnerabilities are "scored" and the 
: model refined and elaborated on, it should become easier to consistently 
: score vulnerabilities.

but there is two decades of vulnerabilities to use to model this 
framework. they should to the homework now, not change it up after six 
months of implementation and feedback. they should be soliciting the 
opinions of anyone in the security field, especially vulnerability 
researchers.

: Anyone care to select 5 CVE vulns and compare how we rate them?

check out 200x-0123 as a sampling. if one of them isn't available, bump it 
up a number (0124 etc).
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: Dailydave Digest, Vol 22, Issue 2 Brian Erdelyi (Mar 01)
- Re: Re: Dailydave Digest, Vol 22, Issue 2 security curmudgeon (Mar 01)