"Accurate CVSS Scoring in PCI ASV Scans" http://j.mp/165t6Ny
-
-
@attritionorg : Agree that this is the case as soon as you use CVSS 2 to model anything beyond classical network based code exec? -
@thierryzoller that too, but his examples are just dead wrong. he hasn't read the CVSS specs. -
@attritionorg : the specs are awefull as well, sorry. You just can't model reliably and consistently -
@thierryzoller right, @carsteneiram and I wrote an extensive critique of CVSS. that said, he still isn't following specs *at all* -
@attritionorg @carsteneiram agree, btw had a stab at it last year ago as well http://blog.zoller.lu/2012/03/cvss-common-vulnerability-scoring.html …#me_stabbed_first ;P -
@thierryzoller @carsteneiram Nice, you attack all of the elements we didn't. We focused on Base score only. -
@attritionorg thanks for the feedback , happy see it complements your work
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.