Information Security News mailing list archives
We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 8 Nov 2019 07:24:16 +0000 (UTC)
https://www.theregister.co.uk/2019/11/07/disclosure_marc_rogers/
By Shaun Nichols in San Francisco
The Register
7 Nov 2019
Disclosure The way we rate the severity of computer security vulnerabilities and bugs needs to change to better protect people and businesses from malware and cyber-crime.
So says Marc Rogers, executive director of cybersecurity at Okta and head of security at the world's biggest hacking conference DEF CON.
Speaking to The Register at Okta's Disclosure conference in San Francisco this week, Rogers reckoned today's methods of scoring and classifying security vulnerabilities reflect a dated system that didn't take into account the way that modern attackers operate.
"The challenge is the whole vulnerability management space has been evolving," Rogers said, "but it is being outpaced by the evolution of how we leverage attacks."
[...]