Re: goals for hardening Debian: ideas and help wanted

To: Rowan Thorpe <rowan@rowanthorpe.com>
Cc: Paul Wise <pabs@debian.org>, debian-security <debian-security@lists.debian.org>, debian-devel <debian-devel@lists.debian.org>
Subject: Re: goals for hardening Debian: ideas and help wanted
From: Richard van den Berg <richard@vdberg.org>
Date: Thu, 24 Apr 2014 11:24:00 +0200
Message-id: <[🔎] 7F6371FD-0EE0-4F36-8F36-7736F65E75ED@vdberg.org>
In-reply-to: <[🔎] 20140424080627.GB31307@hernia>
References: <[🔎] 1398308259.7980.49.camel@chianamo> <[🔎] 20140424080627.GB31307@hernia>

> I suggest it might be better if exploits were each given a quick/approximate
> "ranking" in terms of severity (and if the severity is unknown it could be
> assigned a default median ranking), so that the algorithm you mention wouldn't
> just add number of unplugged exploits, but add them by weight

That is a good idea. The Common Vulnerability Scoring System was invented for this purpose:  http://en.wikipedia.org/wiki/CVSS

Kind regards,

Richard

Reply to:

References:
- goals for hardening Debian: ideas and help wanted
  - From: Paul Wise <pabs@debian.org>
- Re: goals for hardening Debian: ideas and help wanted
  - From: Rowan Thorpe <rowan@rowanthorpe.com>

Prev by Date: Re: goals for hardening Debian: ideas and help wanted
Next by Date: Re: goals for hardening Debian: ideas and help wanted
Previous by thread: Re: goals for hardening Debian: ideas and help wanted
Next by thread: Re: goals for hardening Debian: ideas and help wanted
Index(es):
- Date
- Thread