Dailydave mailing list archives
Re: Re: Dailydave Digest, Vol 22, Issue 2
From: security curmudgeon <jericho () attrition org>
Date: Tue, 1 Mar 2005 20:06:42 -0500 (EST)
: > as i mentioned in another mail to you, how do you : > classify a remote : > overflow? if you use the standard CIA measure, it is : : CVSS is still maturing. As more vulnerabilities are "scored" and the : model refined and elaborated on, it should become easier to consistently : score vulnerabilities. but there is two decades of vulnerabilities to use to model this framework. they should to the homework now, not change it up after six months of implementation and feedback. they should be soliciting the opinions of anyone in the security field, especially vulnerability researchers. : Anyone care to select 5 CVE vulns and compare how we rate them? check out 200x-0123 as a sampling. if one of them isn't available, bump it up a number (0124 etc). _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Dailydave Digest, Vol 22, Issue 2 Brian Erdelyi (Mar 01)
- Re: Re: Dailydave Digest, Vol 22, Issue 2 security curmudgeon (Mar 01)