Hi Perhaps you could be helped by Vigilantes classification: ---cut starts here--- High Risk A high risk vulnerability provides direct access to an organization's private assets, providing the potential for theft, deletion or alteration of those assets. Medium Risk A medium risk vulnerability provides access to an organization's private assets in combination with one or more other vulnerabilities. By exploiting multiple medium risk vulnerabilities, an attacker will have the capability for theft, deletion or alteration of an organization's assets. VIGILANTe also considers denial-of-service attacks to be medium risk vulnerabilities. Low Risk A low risk vulnerability does not lead directly to access of an organization's private assets, but provides a excessive information that might help an attacker gain unauthorized access. ---cut ends here--- Source: http://www.vigilante.com/securescan/perimeter/sample_report/ I do believe there would also be a need for classification of a vulnerability could be exploited remotely or/and locally. There would also be a need for probablity which I do guess is very subjectivem but do depends of the customers enviroment. The probability for someone exploiting a vulnerabliity would be large on a public accessible server, medium for a server on the internal network, and low on a network with no users. Best regards, Per Niila Albinsson On Tuesday 11 February 2003 17.40, artimanat_private wrote: > I need a good definition for the levels of severity related with > vulnerabilities > I'm using Very High, High, Mid , Low, Warning > > Any documentation, definition or Internet URL will be appreciated > > Tks > > Andres M > > > > --------------------------------------------------------------------------- >- This list is provided by the SecurityFocus Security Intelligence Alert > (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please see: > https://alerts.securityfocus.com/ -- ===================== Per Niila Albinsson perat_private ===================== ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Feb 11 2003 - 17:33:08 PST