[VIM] Security Vulnerability Severity Classification

security curmudgeon jericho at attrition.org
Sun Jun 26 06:32:49 EDT 2005


Security Vulnerability Severity Classification
by Thomas Biege (thomas[at]suse.de)
27th January 2005


This paper will describe a method of classifying the severity of security 
bugs in software for Unix-like systems. On the following pages I will 
propose a metric with weights to describe the impact of vulnerabilities on 
a scale S with n elements to provide an objective rating system. This 
classification scheme should serve as a reference for the SuSE Security Team 
for releasing security announcements. Hopefully this mechanism will be 
adopted by other vendors to have a vendor-independent rating system. Such 
a vendor-independent rating scheme will help customers, other vendors, and 
security companies/organisations to judge more precisely the level 
of impact of a released security update.
