Dailydave mailing list archives

Re: Vuln scoring system anyone?
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 01 Mar 2005 13:22:14 -0800

security curmudgeon wrote:
> What if someone posted a Snort signature for a new vuln before a vendor ack'd it? You have no proof that it's a valid vulnerability yourself, but you have a detailed advisory from a reputable security researcher and a respected snort sig writer that tested the vulnerability and wrote a signature to monitor for exploitation.
> That has to count for something, yes?

Yes, it counts for something. However, it's not the sort of easy thing to weight when creating a simplistic scoring system. It's not a nice easy binary state like "vendor ack". At best, it gets oversimplified into something like "seen in the wild" or "anecdotal evidence".

I'm not saying you don't pay attention to it, I'm just saying it's not simple enough to get included in a lot of ratings schemes. And yes, that's a failing of the rating scheme to not capture and weigh all available information.

                                        BB
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

