[cabf_netsec] Fwd: [cabforum/documents] NetSec: suggested CVSS updates (#156)
Dimitris Zacharopoulos (HARICA)
dzacharo at harica.gr
Thu Jan 23 06:02:22 MST 2020
Please consider this at the next netsec meeting. If the subcommittee
thinks this change is justified and is deemed non-controversial, it may
consider adding it in an upcoming ballot.
Dimitris.
-------- Forwarded Message --------
Subject: [cabforum/documents] NetSec: suggested CVSS updates (#156)
Date: Wed, 22 Jan 2020 20:10:32 -0800
From: Josh Aas <notifications at github.com>
Reply-To: cabforum/documents
<reply+ACAMQERW63ZULTTODINBF4N4GZHTREVBNHHCCBB4HA at reply.github.com>
To: cabforum/documents <documents at noreply.github.com>
CC: Subscribed <subscribed at noreply.github.com>
Passing this report/suggestion along from a community member.
Relating to the definition of "Critical Vulnerability":
1. This link seems outdated:
http://nvd.nist.gov/home.cfm
Perhaps a better link would be:
https://nvd.nist.gov/vuln-metrics/cvss
This also has the advantage of being an https link.
2. CVSS v3.0 defines critical as 9.0 or above. The NetSec guidelines
currently say CVSS 7.0 or higher is critical. Should the NetSec
guidelines be changed to define critical as 9.0, in line with the
CVSS ratings, or is NetSec intentionally lowering the bar for what's
considered critical to 7.0?