Security Vulnerability Severity Classification

http://www.suse.de/~thomas/papers/Severity-Metric.pdf

Security Vulnerability Severity Classification
by Thomas Biege (thomas[at]suse.de)
27th January 2005

Abstract

This paper will describe a method of classifying the severity of security bugs in software for Unix-like systems. On the following pages I will propose a metric with weights to describe the impact of vulnerabilities on a scale S with n elements to provide an objective rating system. This classification scheme should serve as a reference for the SuSE Security Team for releasing security announcements. Hopefully this mechanism will be adopted by other vendors to have a vendor-independent rating system. Such a vendor-independent rating scheme will help customers, other vendors, and security companies/organisations to judge more precisely the level of impact of a released security update.
