With all of the botnets doing so much damage, and wielding so much power that is harnessed by the wrong people, I encourage everyone (the 5 people who actually read this blog) to educate every home user you know to protect their systems. I am not naive enough to believe that we could ever have enough home systems patched to eradicate zombie systems on the net, but every system that is unusable as a weapon against spam, DDoS attacks, and the next (or current) storm worm is a start.
I implore everyone with the knowledge of system security to tech a class, update your Aunt's system next time you see her, and to encourage vendors to promote security on home PCs.
Monday, December 31, 2007
CVSS
The new CVSS version 2.0 was released in August of 2007 (OK, I'm a little behind) and I was very disappointed that the environmental score was not changed to include a parameter for the criticality of the asset in question. The environmental score is a large determinant of the final score, but it does not take into account the criticality of the asset in question. Yes, there may only be 4 of our systems affected by the latest sploit, but if they are your most critical e-commerce servers, then a low environmental score is not warranted in this situation. I like the CVSS scoring system as a means to prioritize risks for patching purposes, but the environmental score needs further work IMHO
Subscribe to:
Posts (Atom)