.@newshtwit @chrisrohlf @jduck the difference in exploitability assessment accuracy is prolly related to vuln type
Replying to @SushiDude
@SushiDude @newshtwit @chrisrohlf i'll have to agree that vuln type influences assessment accuracy substantially, and certainly root causing
Replying to @jduck
.@jduck @newshtwit @chrisrohlf (and if your 1st defense is "that's what CWE should be doing" then yes but a guy can whine can he not?)
Replying to @SushiDude
@SushiDude @chrisrohlf @newshtwit it's true that not enough people study cwe. also sometimes new techniques are needed both for rca and expl
Replying to @jduck
@jduck @SushiDude @chrisrohlf @newshtwit CWE was neat early on. now, it is too abstracted, too complex. CERT-VU taught us this recently
Replying to @attritionorg
.@attritionorg @jduck @chrisrohlf @newshtwit not a surprise that as vuln complexity grows, CWE challenges grow too. Still painful :-/
Replying to @SushiDude
@SushiDude @jduck @chrisrohlf @newshtwit entirely right, but argument to be made for 'over abstraction' too.
Replying to @attritionorg
.@attritionorg ideally could handle complex vulns w/mult CWEs (gotofail=6?). Yet simplicity becomes secondary @jduck @chrisrohlf @newshtwit
Replying to @SushiDude
@SushiDude @jduck @chrisrohlf @newshtwit if CWE was designed for that sure, it wasn't.
Replying to @attritionorg
@attritionorg @jduck @chrisrohlf @newshtwit CWE tries to link diverse perspectives (both human/tool) yet becomes perfect for none :(
@SushiDude @jduck @chrisrohlf @newshtwit fuck that. choose your battle. serve non-security, or serve security. you can't have both.