[VIM] Security Vulnerability Severity Classification
security curmudgeon
jericho at attrition.org
Sun Jun 26 06:32:49 EDT 2005
http://www.suse.de/~thomas/papers/Severity-Metric.pdf
Security Vulnerability Severity Classification
by Thomas Biege (thomas[at]suse.de)
27th January 2005
Abstract
This paper will describe a method of classifying the severity of security
bugs in software for Unix-like systems. On the following pages I will
propose a metric with weights to describe the impact of vulnerabilities on
a scale S with n elements to provide an objective rating system. This
classification scheme should serve as reference for the SuSE Security Team
for releasing security announcements. Hopefully this mechanism will be
adopted by other vendors to have a vendor independent rating system. Such
a vendor independent rating scheme will help customers, other vendors, and
security companies/organisations to judge more precisely about the level
of impact of a released security update.