Discover and read the best of Twitter Threads about #RRS
Most recents (1)
Who determines how severe a vulnerability is?
Severity is how much damage a hacker can inflict exploiting a product using that vulnerability. It doesn’t mean this is the most critical risk facing your system, but many developers mistakenly think it is.
Severity is how much damage a hacker can inflict exploiting a product using that vulnerability. It doesn’t mean this is the most critical risk facing your system, but many developers mistakenly think it is.
1/ Severity & other information related to a known issue are catalogued in a Common Vulnerabilities & Exposures (CVE) database.
Several orgs track CVEs, including the National Institute of Standards & Technology @NIST #severity #vulnerabilities
Several orgs track CVEs, including the National Institute of Standards & Technology @NIST #severity #vulnerabilities
2/ The rubric for scoring severity is the Common Vulnerability Scoring System (CVSS), an open framework for communicating the characteristics & severity of software vulnerabilities.
Several factors are classified into three categories: base, temporal & environmental.
Several factors are classified into three categories: base, temporal & environmental.
