Security Vulnerability Severity Classification

by Thomas Biege (thomas[at]
27th January 2005


This paper describes a method of classifying the severity of security bugs in software for Unix-like systems. On the following pages I propose a metric with weights that describes the impact of vulnerabilities on a scale S with n elements, in order to provide an objective rating system. This classification scheme should serve as a reference for the SuSE Security Team when releasing security announcements. Hopefully this mechanism will be adopted by other vendors, so that a vendor-independent rating system emerges. Such a vendor-independent rating scheme will help customers, other vendors, and security companies and organisations to judge more precisely the level of impact of a released security update.
