RE: Vulnebrability level definition

From: Greg Reber (greg.reber@astechconsulting.com)
Date: Tue Feb 11 2003 - 12:36:42 EST

• Next message: Discussion Lists: "RE: dsniff-like tool?"
• Previous message: Alfred Huger: "That 3 line ad at the bottom of each pen-test message.."
• In reply to: Andres Martinez: "Vulnebrability level definition"
• Next in thread: R. DuFresne: "Re: Vulnebrability level definition"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Andres - we believe that there are a number of factors that influence the
'severity' of a given vulnerability, and this severity can change with time.
There are a number of network exposure management systems out there that use
different methodologies to rate vulnerabilities and present the associated
severities on a numerical scoring basis. Ncircle (www.ncircle.com) is one
of those that seem to have a good handle on it. Maybe they can provide you
with a synopsis of their methodology.

-greg

The information in this email is likely confidential and may be legally
privileged. It is intended solely for the addressee. Access to this email by
anyone else is unauthorized. If you are not the intended recipient, any
disclosure, copying, distribution or any action taken or omitted to be taken
in reliance on it, is prohibited and may be unlawful.

-----Original Message-----
From: Andres Martinez [mailto:artiman@insightbb.com]
Sent: Tuesday, February 11, 2003 8:41 AM
To: security-basics@securityfocus.com; pen-test@securityfocus.com
Subject: Vulnebrability level definition

I need a good definition for the levels of severity related with
vulnerabilities
I'm using Very High, High, Mid , Low, Warning

Any documentation, definition or Internet URL will be appreciated

Tks

Andres M

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Discussion Lists: "RE: dsniff-like tool?"
• Previous message: Alfred Huger: "That 3 line ad at the bottom of each pen-test message.."
• In reply to: Andres Martinez: "Vulnebrability level definition"
• Next in thread: R. DuFresne: "Re: Vulnebrability level definition"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT