Vulnerability Development mailing list archives
Re: Exploit Ease Level
From: vision () WHITEHATS COM (Max Vision)
Date: Wed, 26 Apr 2000 20:26:47 -0700
On Tue, 25 Apr 2000, Rory Savage wrote:
> I wish there was an `Exploit Ease Reference Level`, so when one posts an exploit, they would also post an `Easebility` level to let others know if it's an easy trick, or a drawn-out project that involves a lot of time. This is just a suggestion, but I think it would really work out well, especially for these mailing lists. But I know I am farting in the wind again... and nobody cares... but in a few months, somebody will steal my idea anyway (and call it their own). In fact, I just might draft up a proposal... and see that the `scene` think about it. Cheers!
Rory,

This is actually a really old idea that has been around at least in commercial security scanners (such as Ballista/Cybercop) for some number of years (sometimes referred to as "complexity"). I believe several security groups are working these sorts of values into metrics of overall risk levels for various vulnerabilities (alongside impact, popularity, ease of fix, etc) - so when a hole is found, it gets a certain score for these traits and an overall threat level is determined.

IMHO many times these values are dangerously wrong and can lead to problems. In some products I've seen "ease of exploit" listed as very complex when I know it to be push-button easy.

Max