Dailydave mailing list archives
Re: The CrateMaster2000 of Security.
From: andre () operations net
Date: Thu, 25 Jan 2007 17:42:12 -0700
Anton,

Dave is probably speaking about how CVSS is a weak measurement of vulnerabilities. Microsoft Press has documented in dealing with threats vs. vulnerabilities in "Threat Modeling" and "Hunting Security Bugs". For example, Microsoft introduced STRIDE (threat-modeling) to augment their DREAD vulnerability rating system. You may also want to look at non-Microsoft threat-modeling such as CIAA or Trike (presented at ToorCon 2005).

Also, speaking directly to CVSS is a blog entry and comment on OSVDB's blog: http://osvdb.org/blog/?p=147#comments

-dre

On 1/25/07, Anton Chuvakin <anton () chuvakin org> wrote:
> > somehow perfectly satirized by Old Man Murray's CrateMaster2000
> > (http://www.oldmanmurray.com/features/39.html), then it's time to go
> > back to the drawing board. CVSS, we're looking at you here.
>
> So, I am curious, how is CVSS like a CrateMaster 2000?
>
> --
> Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
> http://www.chuvakin.org
> http://chuvakin.blogspot.com
> http://www.info-secure.org
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunitysec com
> http://lists.immunitysec.com/mailman/listinfo/dailydave