Dailydave mailing list archives
Re: smaller errors eroding situational awareness.
From: Christian Heinrich <christian.heinrich () cmlh id au>
Date: Wed, 21 Aug 2013 10:16:20 +1000
Ron,

To reuse the PCI DSS v2.0 Requirement 6.2 example, the core issue is that "... a vendor-supplied patch classified by the vendor as "critical"" and in this circumstance the source of truth is the "vendor" and not Nessus.

In addition, Nessus (or any other product implemented by an ASV) may have the incorrect CVSSv2 Base Score listed e.g. https://discussions.nessus.org/thread/4769

On Sat, Aug 17, 2013 at 5:36 AM, Ron Gula <rgula () tenable com> wrote:
> Examples like this are why I push the "exploitability" field as a form of prioritization for vulnerabilities. I've seen too many organizations debate a CVSS score with our support team so they can get it moved off of their mandate to patch everything with a CVSS score of X or higher.
--
Regards,
Christian Heinrich

http://cmlh.id.au/contact
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave