Andres - we believe that there are a number of factors that influence the 'severity' of a given vulnerability, and this severity can change with time. There are a number of network exposure management systems out there that use different methodologies to rate vulnerabilities and present the associated severities on a numerical scoring basis. Ncircle (www.ncircle.com) is one of those that seem to have a good handle on it. Maybe they can provide you with a synopsis of their methodology. -greg The information in this email is likely confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. -----Original Message----- From: Andres Martinez [mailto:artimanat_private] Sent: Tuesday, February 11, 2003 8:41 AM To: security-basicsat_private; pen-testat_private Subject: Vulnebrability level definition I need a good definition for the levels of severity related with vulnerabilities I'm using Very High, High, Mid , Low, Warning Any documentation, definition or Internet URL will be appreciated Tks Andres M ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Feb 11 2003 - 17:29:33 PST