[Openvas-devel] Resolving CVSS-Severity mismatches
Sébastien AUCOUTURIER
s.aucouturier at itrust.fr
Mon Dec 5 13:15:57 CET 2011
I agree with the idea,
as I already sent to the openvas-plugin list, this kind of mismatch
between CVSS, severity category, risk factor, in some plugins.
But I do not agree with the scoring you use;
my proposal should be:
CVSS = 0.0 -> log_message()
0 <= CVSS <= 3.9 -> security_note()
4.0 <= CVSS <= 6.9 -> security_warning()
7 <= CVSS <= 10 -> security_hole()
About the process to change CVSS, is it possible to make a process like
nmap uses for OS and service detection, a community contribution?
Where requests for modification will be sent to the plugin developer, who
may correct or justify his choice through a request tracker?
--
| Sébastien AUCOUTURIER | Software Design Engineer Lead |
| ITrust | 55 rue l'Occitane BP 67303 31673 LABEGE CEDEX
| Email: s.aucouturier at itrust.fr | Fixe Sdt. 05.67.34.67.80 | Fax. 09.80.08.37.23
| IT Security Services & SaaS Editor |
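
The mapping proposed in the message above, applied as a mismatch check over plugin source. This is an added example, not part of the original post and not OpenVAS project code. It assumes plugins declare their score with script_tag(name:"cvss_base", value:"..."), that the "CVSS = 0.0" rule takes precedence over the overlapping "0 <= CVSS" rule, and the plugin texts are constructed samples.

```python
import re

def expected_function(cvss):
    """Reporting function the proposed thresholds assign to a CVSS base score."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS base score out of range: {cvss}")
    if cvss == 0.0:          # assumption: the specific 0.0 rule wins the overlap
        return "log_message"
    if cvss <= 3.9:
        return "security_note"
    if cvss <= 6.9:
        return "security_warning"
    return "security_hole"

CVSS_RE = re.compile(
    r'script_tag\s*\(\s*name\s*:\s*"cvss_base"\s*,\s*value\s*:\s*"([^"]*)"')
CALL_RE = re.compile(
    r'\b(log_message|security_note|security_warning|security_hole)\s*\(')

def check_plugin(name, src):
    """Return a list of mismatch descriptions for one plugin's source text."""
    # Drop whole-line '#' comments so commented-out calls are not counted.
    code = "\n".join(l for l in src.splitlines()
                     if not l.lstrip().startswith("#"))
    calls = sorted(set(CALL_RE.findall(code)))
    tag = CVSS_RE.search(code)
    if tag is None:
        return [f"{name}: reports results but has no cvss_base tag"] if calls else []
    try:
        score = float(tag.group(1))
        want = expected_function(score)
    except ValueError as err:   # non-numeric or out-of-range score
        return [f"{name}: bad cvss_base ({err})"]
    return [f"{name}: cvss_base {score} expects {want}(), found {c}()"
            for c in calls if c != want]

# Constructed sample plugins (not real NVTs).
SAMPLES = {
    "ok.nasl": 'script_tag(name:"cvss_base", value:"7.5");\n'
               'security_hole(port);\n',
    "mismatch.nasl": 'script_tag(name:"cvss_base", value:"5.0");\n'
                     '# security_warning(port);\nsecurity_hole(port);\n',
    "info.nasl": 'script_tag(name:"cvss_base", value:"0.0");\n'
                 'security_note(port);\n',
}

if __name__ == "__main__":
    for fname, text in SAMPLES.items():
        for finding in check_plugin(fname, text):
            print(finding)
```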