Dailydave
mailing list archives
Re: The CrateMaster2000 of Security.
From: andre () operations net
Date: Thu, 25 Jan 2007 17:42:12 -0700
Anton,
Dave is probably speaking about how CVSS is a weak measurement of
vulnerabilities. Microsoft Press has documented dealing with
threats vs. vulnerabilities in "Threat Modeling" and "Hunting Security
Bugs".
For example, Microsoft introduced STRIDE (threat-modeling) to augment
their DREAD vulnerability rating system. You may also want to look at
non-Microsoft threat-modeling such as CIAA or Trike (presented at
ToorCon 2005).
Also, speaking directly to CVSS is a blog entry and comment on OSVDB's blog:
http://osvdb.org/blog/?p=147#comments
-dre
On 1/25/07, Anton Chuvakin <anton () chuvakin org> wrote:
somehow perfectly satirized by Old Man Murray's CrateMaster2000
(http://www.oldmanmurray.com/features/39.html), then it's time to go
back to the drawing board. CVSS, we're looking at you here.
So, I am curious, how is CVSS like a CrateMaster 2000?
--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://chuvakin.blogspot.com
http://www.info-secure.org
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave