SEARCH RESULTS
 
Showing 1-10 of 23 records
 

Severity Rating Systems - Part 1

2007-11-02 21:32:42 by jrjones in Jeff Jones Security Blog
 
...severity ratings as determined by the National Institute of Standards (NIST) for the National Vulnerability Database (NVD) - found at http://nvd.nist.gov. So, let me say that in my opinion, some of the concerns raised by Red Hat have merit and mirror some of the issues I've raised myself. On the other hand, the Red Hat motivation seems to be to...
 
 
 
 
 

New Firefox 3.0 Is Vulnerable To High-Severity Code Execution

2008-06-19 02:10:52 by CyberInsecure in CyberInsecure.com
 
Code execution vulnerability found in latest Firefox 3.0 could allow an attacker to execute arbitrary code, permitting the attacker to completely take over the vulnerable process, potentially allowing the machine running the process to be completely controlled by the attacker. The flaw found in Firefox 3.0 is considered a high-severity risk and...
 
 
 
 
 

Q1 2008 - Client OS Vulnerability Scorecard

2008-05-14 23:04:00 by jrjones in Jeff Jones Security Blog
...severity vulnerabilities while Windows Vista users experienced the fewest and the fewest High severity vulnerabilities. Here is the chart breaking down all of the OSes by NVD severity ratings. Download the attached paper for full details.
 
 
 
 
 

Red Hat Enterprise Linux 4 Passes 1000 Vulnerabilities

2007-10-16 17:23:36 by jrjones in Jeff Jones Security Blog
 
...severity and 479 were Medium severity, but still, that is a ton of work accomplished by that team, especially given that the product only shipped in February of 2005. To put that in context, (again by my calculations) Microsoft has fixed only 649 security vulnerabilities for all supported products across the company since the year 2000
 
 
 
 
 

Getting vulnerabilities in the application fixed

2007-10-27 13:20:07 by RaviC in Musings on Information Security
 
...severity" (how bad if the vulnerability is exploited) and "threat" (how likely the vulnerability exploit is) and communicate this list to the software development team. Give the software development manager time to fix the vulnerabilities - usually the time that the software development manager thinks that is acceptable. If the vulnerabilities...
 
 
 
 
 

Microsoft Security Intelligence Report 2H07

2008-04-23 14:03:16 by jrjones in Jeff Jones Security Blog
...severity than was previously the case. The vulnerabilities disclosed in 2007 continue this trend, with High-severity vulnerabilities accounting for about half of the total number of vulnerabilities. Vulnerabilities requiring a Low-level of complexity in order to exploit accounted for about half of all vulnerabilities disclosed in 2H07....
 
 
 
 
 

Download: Internet Explorer and Firefox Vulnerability Analysis

2007-11-30 16:01:00 by jrjones in Jeff Jones Security Blog
 
...severity, looks at version-over-version trends for each browser and finally examines how each browser is doing in terms of unfixed vulnerabilities.
 
 
 
 
 

Microsoft Security Intelligence Report - 1st Half 2007

2007-10-23 16:35:43 by jrjones in Jeff Jones Security Blog
...severity vulnerabilities continue to grow significantly, while the overall total flattened out. In the full report, you'll also note a trend reversal with complexity to exploit dropping as well. There are a couple of other interesting results that I want to call out that you should examine with more detail in the full report. Social engineering...
 
 
 
 
 

July 2007 - Operating System Vulnerability Scorecard

2007-08-16 22:47:26 by jrjones in Jeff Jones Security Blog
...severity vulnerabilities. Finally, if I had one surprise in the charts, it was that I expected RHEL5 to be further distinguished from (ie, much lower than) RHEL4 in the YTD charts, given that it did not ship until March. Year-to-date 2007 Client and Server Charts - Full Set of Supported Components. RHEL Desktop 5 shipped in March, so only...