Dailydave mailing list archives
Re: Vuln scoring system anyone?
From: Brian Erdelyi <brian_erdelyi () yahoo com>
Date: Tue, 1 Mar 2005 17:07:05 -0800 (PST)
But with my confidential information (i.e: passwords) I can do that. The point is this vuln could lead to all those things; (a break in
CVSS does have a "Collateral Damage Potential" in the environmental score. The dilemma is that this does not have as much an impact as some might like (or expect). I think it is a reasonable assumption to constrain the base and temporal scores to direct or immediate impact, not a two-staged attack.
Or aren't passwords considered as "confidential"? Is that meant only for non-password related info? (Credit card numbers, bank accounts, trades, etc)
This is an excellent scenario and definitely worth considering how to address (even if it's in better awareness and setting expectations about what the score actually means).

Brian Erdelyi
