Dailydave mailing list archives

Re: smaller errors eroding situational awareness.
From: Anton Chuvakin <anton () chuvakin org>
Date: Fri, 16 Aug 2013 13:32:44 -0700

of prioritization for vulnerabilities. I've seen too many organizations
debate a CVSS score with our support team so they can get it moved off
of their mandate to patch everything with a CVSS score of X or higher.

This, BTW, is NOT a joke :-) In essence, many of these organizations
will likely NOT learn any lessons from the directory traverse ownage,
apart from "NVD can be wrong."  If they can fix/patch 500
vulns/month, but their VA tool shows them 1000 Hs, 5000 Ms and
infinity of Ls a week, their patching strategy won't suddenly change
to "fix all Hs, Ms and Ls."  Exploitability may help them a bit, but I
doubt it will "solve the problem."  After all, the Low severity vuln
of "system responds to pings" is ...ahemmm.. exploitable as you can
actually send the damn ping :-)

Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Twitter: @anton_chuvakin
Work: http://www.linkedin.com/in/chuvakin