[WEB SECURITY] Poll: How do you rank the importance of a vulnerability?

Paul Johnston paul.johnston at pentest.co.uk
Tue Feb 5 05:33:36 EST 2013


Hi,

I actually like the Mozilla and Chromium approach. Although browsers and
web apps are not exactly the same, the principles seem to work. I like
that they are guidelines only - and rely somewhat on the judgement of
the person doing the analysis. That seems to work better than systems
that try to be entirely objective. I can see the attraction of an
objective system - I just have not yet found one that works as well as
subjective judgement. CVSS was quite a disappointment, but based on
other responses to the poll I have got one of our guys looking at DREAD.

https://wiki.mozilla.org/Security_Severity_Ratings
https://sites.google.com/a/chromium.org/dev/developers/severity-guidelines

Paul

-- 
Pentest - The Application Security Specialists

Paul Johnston - IT Security Consultant / Tiger SST
PenTest Limited - ISO 9001 (44/100/107029) / ISO 27001 (IS 558982)

Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072

Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
Registered Number: 4217114 England & Wales
Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK



