[ OWASP - Montreal ] Calculate or decide the risk of a vulnerability
benoit.guerette at gmail.com
Wed Dec 3 15:45:33 EST 2008
Using Nessus, you know exactly the CVSS value of a vulnerability.
But when you find something without a tool showing the CVSS, how to
you calculate or decide the level it is?
Example: "Information Leakage and Improper Error Handling" from OWASP
Top Ten, will you report High, medium or low?
I found a similar issue on
the CVSS1 is 5.0 so medium...
More information about the Owasp-montreal