[cabf_netsec] Fwd: [cabforum/documents] NetSec: suggested CVSS updates (#156)
ndunbar at trustcorsystems.com
Thu Jan 23 06:11:17 MST 2020
Added to today's agenda. So much for 'Final' agenda :-)
On 23/01/2020 13:02, Dimitris Zacharopoulos (HARICA) via Netsec wrote:
> Please consider this at the next netsec meeting. If the subcommittee
> thinks this change is justified and is deemed non-controversial, it
> may consider adding it in an upcoming ballot.
> -------- Forwarded Message --------
> Subject: [cabforum/documents] NetSec: suggested CVSS updates (#156)
> Date: Wed, 22 Jan 2020 20:10:32 -0800
> From: Josh Aas <notifications at github.com>
> Reply-To: cabforum/documents
> <reply+ACAMQERW63ZULTTODINBF4N4GZHTREVBNHHCCBB4HA at reply.github.com>
> To: cabforum/documents <documents at noreply.github.com>
> CC: Subscribed <subscribed at noreply.github.com>
> Passing this report/suggestion along from a community member.
> Relating to the definition of "Critical Vulnerability":
> 1. This link seems outdated:
> Perhaps a better link would be:
> This also has the advantage of being an https link.
> 2. CVSS v3.0 defines critical as 9.0 or above. The NetSec guidelines
> currently say CVSS 7.0 or higher is critical. Should the NetSec
> guidelines be changed to define critical as 9.0, in line with the
> CVSS ratings, or is NetSec intentionally lowering the bar for
> what's considered critical to 7.0?