Updating "criticality" levels to match scores
Posted by greggles on June 17, 2015 at 9:00pm
A while ago, after a lot of great research and work (mostly by Michael Hess), we rolled out a new style of scoring individual security advisories. The system is based on NIST's scoring at https://t.co/Pvhzn9CHP2
For example, a recent issue had a "score" of
7/25 AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:All
The score and coding is meant to explain the risk, but it's rather cryptic.
To try to be more "human friendly" we also still say things like "Highly Critical" and "Less Critical" and "Not Critical".
Read more