Part of this depends upon the technical savvy of the folks you are trying to communicatew with. And there is prolly alot of confusion with various rating methods in place depending upon whence one seeks such info, nessus I think uses params much like you state here, I think mitre.org uses something a tad different, while SAN' weekly vulnerability assessments look to rate much as you do here. I kinda like the SANS rating methid and would suggest that might work as a template for you to go by. Thanks, Ron DuFresne On Tue, 11 Feb 2003, Andres Martinez wrote: > I need a good definition for the levels of severity related with > vulnerabilities > I'm using Very High, High, Mid , Low, Warning > > Any documentation, definition or Internet URL will be appreciated > > Tks > > Andres M > > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ > -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Feb 11 2003 - 17:31:56 PST