Re: Vulnerability level definition

From: R. DuFresne (dufresne@sysinfo.com)
Date: 02/11/03

    Date: Tue, 11 Feb 2003 14:54:55 -0500 (EST)
    From: "R. DuFresne" <dufresne@sysinfo.com>
    To: Andres Martinez <artiman@insightbb.com>
    
    

    Part of this depends upon the technical savvy of the folks you are trying
    to communicate with. And there is prolly a lot of confusion with various
    rating methods in place depending upon whence one seeks such info. Nessus,
    I think, uses params much like you state here; I think mitre.org uses
    something a tad different, while SANS' weekly vulnerability assessments
    look to rate much as you do here. I kinda like the SANS rating method and
    would suggest that might work as a template for you to go by.

    Thanks,

    Ron DuFresne

    On Tue, 11 Feb 2003, Andres Martinez wrote:

    > I need a good definition for the levels of severity related with
    > vulnerabilities
    > I'm using Very High, High, Mid, Low, Warning
    >
    > Any documentation, definition or Internet URL will be appreciated
    >
    > Tks
    >
    > Andres M
    >
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please see:
    > https://alerts.securityfocus.com/
    >

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!