Dailydave mailing list archives

Re: Vuln scoring system anyone?


From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 01 Mar 2005 13:22:14 -0800

security curmudgeon wrote:
> What if someone posted a Snort signature for a new vuln before a vendor ack'd it? You have no proof that it's a valid vulnerability yourself, but you have a detailed advisory from a reputable security researcher and a respected snort sig writer that tested the vulnerability and wrote a signature to monitor for exploitation.
> That has to count for something, yes?

Yes, it counts for something. However, it's not the sort of easy thing to weight when creating a simplistic scoring system. It's not a nice easy binary state like "vendor ack". At best, it gets oversimplified into something like "seen in the wild" or "anecdotal evidence".

I'm not saying you don't pay attention to it, I'm just saying it's not simple enough to get included in a lot of ratings schemes. And yes, that's a failing of the rating scheme to not capture and weigh all available information.

                                        BB
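One way to make the point concrete, as an added example that is not part of this thread or any real scoring system: a rating scheme that only knows a binary "vendor ack" state versus one that folds graded evidence (a reputable advisory, a tested IDS signature) into a confidence value. The evidence kinds, reliability weights and VULN-* identifiers are all constructed for illustration.

```python
"""Toy confidence model for a vulnerability rating scheme.

Added example, not code from the Dailydave thread. It contrasts a scheme that
only recognises a binary "vendor acknowledged" state with one that combines
graded evidence such as a third-party IDS signature. All weights are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Evidence:
    kind: str           # e.g. "vendor_ack", "ids_signature_tested", "anonymous_post"
    reliability: float  # assumed probability (0..1) that this evidence is correct


@dataclass
class VulnReport:
    ident: str
    evidence: list = field(default_factory=list)


def binary_ack_score(report):
    """Naive scheme: confirmed only when the vendor acknowledges; everything else counts 0."""
    return 1.0 if any(e.kind == "vendor_ack" for e in report.evidence) else 0.0


def noisy_or_confidence(report):
    """Combine independent pieces of evidence with a noisy-OR:
    confidence = 1 - prod(1 - reliability_i).
    One strong source dominates, several weaker ones accumulate, and nothing
    (a tested signature, a reputable advisory) is thrown away."""
    p_none = 1.0  # probability that every piece of evidence is wrong
    for e in report.evidence:
        if not 0.0 <= e.reliability <= 1.0:
            raise ValueError(f"reliability out of range for {e.kind}")
        p_none *= 1.0 - e.reliability
    return round(1.0 - p_none, 4)


# Constructed sample reports (hypothetical identifiers, assumed reliabilities).
REPORTS = [
    VulnReport("VULN-A", [Evidence("vendor_ack", 0.99)]),
    VulnReport("VULN-B", [Evidence("advisory_reputable_researcher", 0.8),
                          Evidence("ids_signature_tested", 0.7)]),
    VulnReport("VULN-C", [Evidence("anonymous_post", 0.3)]),
]


def rank(reports, scorer):
    """Order reports by a scoring function, highest first (stable for ties)."""
    return [r.ident for r in sorted(reports, key=scorer, reverse=True)]


if __name__ == "__main__":
    for r in REPORTS:
        print(r.ident, binary_ack_score(r), noisy_or_confidence(r))
    print("binary scheme:", rank(REPORTS, binary_ack_score))
    print("noisy-OR scheme:", rank(REPORTS, noisy_or_confidence))
```

Under the binary scheme VULN-B scores the same as an anonymous post, because the only recognised state is the vendor's acknowledgement; the noisy-OR variant rates it close to the vendor-confirmed case while still leaving the weakly sourced report near the bottom. The weights are the hard part, which is the point of the thread: they are judgement calls, not a state a scheme can read off a checkbox.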
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

