Penetration Testing mailing list archives

RE: mapping vulnerabilities into high medium low risk


From: "Cure, Samuel J" <scure () kpmg com>
Date: Wed, 8 Oct 2003 14:51:33 -0400

I would also be sure to dilute or strengthen the rating by adding in the
Asset factor to the equation (such as: High risk, BUT, it is a print server,
therefore Low risk).

-scure

-----Original Message-----
From: Brian E [mailto:brian_anon () hotmail com]
Sent: Tuesday, October 07, 2003 9:35 PM
To: pen-test () securityfocus com
Subject: Re: mapping vulnerabilities into high medium low risk


In-Reply-To:
<Pine.LNX.4.44.0309180945040.21682-100000 () bigfella is-a-geek net>

Another model I like is from SANS,
http://www.sans.org/newsletters/cva/#process.

This uses a critical, high, moderate, and low scale.

I'd love to hear what your research has found.

---------------------------------------------------------------------------
Tired of constantly searching the web for the latest exploits?
Tired of using 300 different tools to do one job?
Get CORE IMPACT and get some rest.
www.coresecurity.com/promos/sf_ept2
----------------------------------------------------------------------------





