[cabf_netsec] Fwd: [cabforum/documents] NetSec: suggested CVSS updates (#156)
Neil Dunbar
ndunbar at trustcorsystems.com
Thu Jan 23 06:11:17 MST 2020
Added to today's agenda. So much for 'Final' agenda :-)
Thanks,
Neil
On 23/01/2020 13:02, Dimitris Zacharopoulos (HARICA) via Netsec wrote:
>
> Please consider this at the next netsec meeting. If the subcommittee
> thinks this change is justified and is deemed non-controversial, it
> may consider adding it in an upcoming ballot.
>
> Dimitris.
>
>
> -------- Forwarded Message --------
> Subject: [cabforum/documents] NetSec: suggested CVSS updates (#156)
> Date: Wed, 22 Jan 2020 20:10:32 -0800
> From: Josh Aas <notifications at github.com>
> Reply-To: cabforum/documents
> <reply+ACAMQERW63ZULTTODINBF4N4GZHTREVBNHHCCBB4HA at reply.github.com>
> To: cabforum/documents <documents at noreply.github.com>
> CC: Subscribed <subscribed at noreply.github.com>
>
>
>
> Passing this report/suggestion along from a community member.
>
> Relating to the definition of "Critical Vulnerability":
>
> 1. This link seems outdated:
>
> http://nvd.nist.gov/home.cfm
>
> Perhaps a better link would be:
>
> https://nvd.nist.gov/vuln-metrics/cvss
>
> This also has the advantage of being an https link.
>
> 2. CVSS v3.0 defines critical as 9.0 or above. The NetSec guidelines
> currently say CVSS 7.0 or higher is critical. Should the NetSec
> guidelines be changed to define critical as 9.0, in line with the
> CVSS ratings, or is NetSec intentionally lowering the bar for
> what's considered critical to 7.0?
>