Source |
McAfee Labs |
Identifiant |
705904 |
Date de publication |
2017-11-24 14:00:05 (vue: 2018-06-15 13:27:58) |
Titre |
Don\'t Substitute CVSS for Risk: Scoring System Inflates Importance of CVE-2017-3735 |
Texte |
I am a wry observer of vulnerability announcements. CVE-2017-3735-which can allow a small buffer overread in an X.509 certificate-presents an excellent example of the limitations of the Common Vulnerability Scoring System (CVSS). This scoring system is the de facto security industry standard for calculating and exchanging information about the severity of vulnerabilities. The problem is …
|
Envoyé |
Oui |
Condensat |
2017 3735 509 about allow announcements appeared blogs buffer calculating can certificate common cve cvss don example excellent exchanging facto first importance industry inflates information limitations mcafee observer overread post presents problem risk: scoring security severity small standard substitute system vulnerabilities vulnerability which wry |
Tags |
|
Stories |
|
Notes |
★★★★
|
Move |
|