Security people, which CVSS score do you prefer to use when evaluating vulnerabilities? Would love to hear your reasoning (as well as your poll vote)
-
Show this thread
Replying to @lizrice
My take is that v2 tends to severely underrate the potential consequences of vulnerabilities (especially XSS) in web applications. V3 often does as well, but at least it's easier to convey that XSS in the wrong place -> admin privileges on the webapp = DB and filesystem access
6:22 AM - 24 Mar 2020
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.