"Fu, Huihsing (Huihsing)" <[EMAIL PROTECTED]> writes: > 1. How is severity determined?
Mmmm... Although this is a common question, I wonder if the answer should be in the FAQ :-\ There is *no* norm for severity or risk. > 2. The severity is either high or low. Is there a medium? Not sure. But I've seen "extreme" in one script at least and "None" in several information gathering scripts. > 3. How do I modify the program if I want to change the severity > associated with a security hole? Just edit the NASL script. However, I planned to write a kind of report editor. Not that I really need it, but I found this way to practice PerlTk And I don't really have an opinion on point (4)... -- mailto:arboi@;bigfoot.com GPG Public keys: http://michel.arboi.free.fr/pubkey.txt http://michel.arboi.free.fr/ http://arboi.da.ru/ FAQNOPI de fr.comp.securite : http://faqnopi.da.ru/ - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
