mapping vulnerabilities into high medium low risk

From: thomasng@bigfella.is-a-geek.net
Date: Wed Sep 17 2003 - 04:09:49 EDT


Hi,

Anyone know any open source methodology about categorizing
vulnerabilities? When doing a Pent Test, I need to categorize a particular
vulnerability into high medium or low risk. These vulnerabilities may be a
web application vulnerability or may be a new system vuln that has yet to
be discovered. So is there any open source methodology that give you a
guide to how to categorize the vuln?

 

Rgds

Thomas

---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT