Penetration Testing mailing list archives
RE: mapping vulnerabilities into high medium low risk
From: "Cure, Samuel J" <scure () kpmg com>
Date: Wed, 8 Oct 2003 14:51:33 -0400
I would also be sure to dilute or strengthen the rating by adding in the Asset factor to the equation (such as: High risk, BUT, it is a print server, therefore Low risk). -scure -----Original Message----- From: Brian E [mailto:brian_anon () hotmail com] Sent: Tuesday, October 07, 2003 9:35 PM To: pen-test () securityfocus com Subject: Re: mapping vulnerabilities into high medium low risk In-Reply-To: <Pine.LNX.4.44.0309180945040.21682-100000 () bigfella is-a-geek net> Another model I like is from SANS, http://www.sans.org/newsletters/cva/#process. This uses a critical, high, moderate, and low scale. I'd love to hear what your research has found. --------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ---------------------------------------------------------------------------- ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. ***************************************************************************** --------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ----------------------------------------------------------------------------
Current thread:
- Re: mapping vulnerabilities into high medium low risk Brian E (Oct 08)
- <Possible follow-ups>
- RE: mapping vulnerabilities into high medium low risk Cure, Samuel J (Oct 08)