Ganesh Iyappan wrote: > Hi Folks, > > > > I am wondering if there any common source which defines the severity > level of any vulnerability stating that its high/medium or informational > or every vendor who develop VA tools classify the severity levels on > their own? Thanks in advance
In my opinion, most vendors who produce a VA tool classify the severity levels themself. There is sometimes even a difference in these values for actually the same flaw Nessus uses the "standard" CVSS base for vulnerability scoring see http://www.first.org/cvss/ for more info. where CVSS base = severity level: 0-3 = low 4-6 = medium 7-9 = high 10 = critical -- Ferdy _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
