Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: smaller errors eroding situational awareness.

From: security curmudgeon <jericho () attrition org>
Date: Sun, 18 Aug 2013 00:07:29 -0500 (CDT)

: Jericho and I touched on this challenge a little bit when we said that 
: "Vulns are gonna get weirder" in our Black Hat presentation on why 
: vulnerability statistics suck (slide 79), plus there is the general 
: theme of CVSS's limitations for risk assessment by various presenters in 
: the past year or two.  Unfortunately, the number of people who complain 
: about CVSSv2 is exponentially smaller than the number of people who are 
: actively contributing to the development of CVSSv3 which is ongoing, but 
: I digress into uncomfortable observations.

I'd have to listen to audio again, but pretty sure that I very, very 
briefly touched on vulnerability chains, and immediately moved on. Why? 
CVSSv2 is a mess. CVSSv3 promises to resolve some fundamental headaches.

I don't see any scoring system properly deal with chaining in this decade.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: