[Owasp-testing] CVSS v2

Colin Watson colin.watson at owasp.org
Fri May 10 07:18:53 UTC 2013


Christian

Very useful points and references, which I don't disagree with.

For custom-built web applications, which I think was the original
question, I would personally not use CVSS2. I am keeping my eyes on
CWRAF and CWSS:

   http://cwe.mitre.org/cwraf/

Colin


More information about the Owasp-testing mailing list