[Openvas-discuss] CVSS Risk Factor Limits

Dave Howland dave.howland at chauntry.com
Wed Dec 4 18:09:09 CET 2013


It would appear that the lower limit for medium risk vulnerabilities in OpenVAS is 2.0, whereas in Nessus and our external ASV scans the lower limit is 4.0; this is the limit accepted by our security assessor for PCI.

Is there a way to change the OpenVAS risk limits to reflect what our security assessor expects to see i.e. Low is 0.0 to 3.9, Medium is 4.0 to 6.9 and High is 7.0 to 10.0.

Many thanks.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20131204/49028edd/attachment.html>


More information about the Openvas-discuss mailing list