Dailydave mailing list archives
Re: smaller errors eroding situational awareness.
From: security curmudgeon <jericho () attrition org>
Date: Sun, 18 Aug 2013 00:07:29 -0500 (CDT)
: Jericho and I touched on this challenge a little bit when we said that : "Vulns are gonna get weirder" in our Black Hat presentation on why : vulnerability statistics suck (slide 79), plus there is the general : theme of CVSS's limitations for risk assessment by various presenters in : the past year or two. Unfortunately, the number of people who complain : about CVSSv2 is exponentially smaller than the number of people who are : actively contributing to the development of CVSSv3 which is ongoing, but : I digress into uncomfortable observations. I'd have to listen to audio again, but pretty sure that I very, very briefly touched on vulnerability chains, and immediately moved on. Why? CVSSv2 is a mess. CVSSv3 promises to resolve some fundamental headaches. I don't see any scoring system properly deal with chaining in this decade. _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- smaller errors eroding situational awareness. Dave Aitel (Aug 16)
- Re: smaller errors eroding situational awareness. Kristian Erik Hermansen (Aug 16)
- Re: smaller errors eroding situational awareness. Ron Gula (Aug 16)
- Re: smaller errors eroding situational awareness. Anton Chuvakin (Aug 19)
- Re: smaller errors eroding situational awareness. Christian Heinrich (Aug 21)
- Re: smaller errors eroding situational awareness. Christian Heinrich (Aug 21)
- Re: smaller errors eroding situational awareness. Anton Chuvakin (Aug 19)
- Re: smaller errors eroding situational awareness. Christey, Steven M. (Aug 19)
- Re: smaller errors eroding situational awareness. security curmudgeon (Aug 19)
- Re: smaller errors eroding situational awareness. Christian Heinrich (Aug 21)
- Re: smaller errors eroding situational awareness. security curmudgeon (Aug 19)
- Re: smaller errors eroding situational awareness. Christian Heinrich (Aug 21)
- Re: smaller errors eroding situational awareness. Justin Ferguson (Aug 21)