Penetration Testing mailing list archives
Re: Vulnebrability level definition
From: Per Niila Albinsson <per () same net>
Date: Wed, 12 Feb 2003 23:20:41 +0100
Hi From a vendor point of view I agree there is a difference. Though the complexity of exploiting a certain vulnerability would probably be a good indicator for the probability classification.A vendor can only give a very generic answer to these questions. When I suggested to take the probability in count I was targeting a scenario where a consultant will make a penetration test and present the result for the customers. /Per Niila
Amen to this. My personal belief is that one can not say what is the severity of a bug. It all depends on how the equipment is used. It may not be much about if it is a large network or not but if that feature is used. Another question is "What is worth of your data?". If some bug will expose something that is public anyway then it boils down a nuisance. If it will expose your confidential data then it is very serious indeed. The vendor can not know how a particular feature will be used in a customer's environment. Yes, a vendor may have some idea but, is it valid in all cases? Gaus
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- RE: Vulnebrability level definition, (continued)
- RE: Vulnebrability level definition Greg Reber (Feb 11)
- Re: Vulnebrability level definition R. DuFresne (Feb 11)
- Re: Vulnebrability level definition Per Niila Albinsson (Feb 11)
- Re: Vulnebrability level definition Damir Rajnovic (Feb 12)
- RE: Vulnebrability level definition Rob Shein (Feb 12)
- RE: Vulnebrability level definition Damir Rajnovic (Feb 13)
- RE: Vulnebrability level definition Rob Shein (Feb 14)
- Re: Vulnebrability level definition Damir Rajnovic (Feb 12)
- Re: Vulnebrability level definition raymond (Feb 14)