Long-lived security holes
Posted Jun 24, 2004 8:27 UTC (Thu) by wichert
Parent article: Long-lived security holes
As Linux vendors we are well aware of the fact that some security problems are more severe than others. What we would like to do is add some sort of severity-rating to a vulnerability, much like Microsoft already does for their advisories. Unfortunately we got stuck trying to come up with objective criteria for such a rating: there are a lot of factors involved and many of them will differ highly in severity depending on the environment in which a problem can occur. In the end we failed to decide on a single scheme.
If at some point someone can come up with a solid severity rating it is likely that it will be used at some point.