Dear @ncircletweets, if you rant about CVSS, don't score your 2nd example incorrectly to make your case. http://bit.ly/XPtQr1
Replying to @attritionorg
@attritionorg @ncircletweets Scores are from NVD (for an example see CVE-2010-2863). I can provide other examples if you like.
Replying to @treguly
@treguly @ncircletweets NVD uses junior BAH consultants to score, not so reliable. context-dep code exec is not 10.0 (AC=M not L)
Replying to @attritionorg
@attritionorg @ncircletweets Even then, CVSS is still highly flawed. A great example: user interaction vulns are labelled as remotes.
Replying to @treguly
@treguly @ncircletweets Saying that if you point out faults, make sure they are based on accurate scoring per current guidelines.
Replying to @attritionorg
@attritionorg @ncircletweets I've updated the post with a note referencing the source of the CVSS scores and why I used it.
@treguly @ncircletweets Excellent. If you email NVD with a CVSS scoring dispute, they are generally quick to address it.