General discussion

Locked

Bring order to chaos

By Neil Higgins ·
With the Common Vulnerability Scoring System,which calls for a unified plan to rating vulnerabilities in software.1-10 seems to be the target score.Guess who does'nt want to play?

http://news.com.com/Plan+lets+users+be+the+judge+of+flaws/2100-1002_3-5869923.html?tag=nefd.top

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Well my wild stab in the dark would be

by Tony Hopkinson In reply to Bring order to chaos

Microsoft

10 out of 10 for me

Too clever for my own good sometimes.

I loved 'Our customers say our rating system is valuable to them'. Well it was an improvement on Vulnerability ????

Collapse -

Could mean

by Neil Higgins In reply to Well my wild stab in the ...

Being vulnerable, OS exposed to suffering,or threats while lacking abilities or resources to cope with these.Vulnerability means not lack or want but exposure and defencelessness.It has two sides: the external side of exposure to shock, stress and risk; and the internal side of defencelessness, meaning a lack of means to cope without damaging loss.Critical updates are thus essential.

Collapse -

Did we cross purposes there ?

by Tony Hopkinson In reply to Could mean

I was referring to the fact that ms customer's consider their threat evaluation so great they wouldn't even consider having a better one or even worse diluting it with a useful comparison with other vendors.

Collapse -

Taking the Magic out of Risk Analysis

by rwhite In reply to Bring order to chaos

I think this is a great idea. Risk Analysis is at one point just "MAGIC" leaving the IT professionals guessing. This will make vendors liable and reliable for their vunerabilities and risks they cause to companies. It is a shame that Microsoft (which was a strong force and leader in adopting and creating "Industry Standards") has become a playground bully that is holding the "ball" stoping others they don't like from playing. We need a playground monitor...
"Kids can we all play together and Micrsoft play fair with your peers."

Collapse -

Assigning a numerical schema

by beads In reply to Taking the Magic out of R ...

Assigning a numeric scheme to things would indeed make Microsoft's world a more difficult one. Not that I am a big M$ fan, by no means, it would put them in a position to be more fairly critized has having an average numerical score for everyone else to beat.

For example, say M$ had 10 'extremely critical' and one 'moderately critical' bugs to be listed for an average of 9.7 Every other competing vendor would likely be rushing to thier PR/Marketing types annoucing there score this quarter or year, etc. was only say 6.1 Leaving M$ looking even more security lapse than they are now.

Its really a no win for MickeySquishy. I for one like the idea even more because of it.

- beads

Collapse -

I like your thinking

by Neil Higgins In reply to Assigning a numerical sch ...

What would be very funny,if everyone was "floated" on the stock exchange by their numerical scheme score.Naw,that would'nt be fair,the lawyers of squishy :) would blame the EU for fiddling the maths.

Back to Security Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums