Dailydave mailing list archives

Re: smaller errors eroding situational awareness.


From: Anton Chuvakin <anton () chuvakin org>
Date: Fri, 16 Aug 2013 13:32:44 -0700

of prioritization for vulnerabilities. I've seen too many organizations
debate a CVSS score with our support team so they can get it moved off
of their mandate to patch everything with a CVSS score of X or higher.

This, BTW, is NOT a joke :-)   In essence, many of these organizations
will likely NOT learn any lessons from the directory traverse ownage,
apart from "NVD can be wrong."  If they can fix/patch 500
vulns/month, but their VA tool shows them 1000 Hs, 5000 Ms and
infinity of Ls a week, their patching strategy won't suddenly change
to "fix all Hs, Ms and Ls."  Exploitability may help them a bit, but I
doubt it will "solve the problem."  After all, the Low severity vuln
of "system responds to pings" is ...ahemmm.. exploitable as you can
actually send the damn ping :-)

-- 
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Twitter: @anton_chuvakin
Work: http://www.linkedin.com/in/chuvakin
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave