Respected Madam / Sir,
I am referring the following url to know about open-scap and Ubuntu secure
configuration.
https://static.open-scap.org/ssg-guides/ssg-ubuntu1604-guide-anssi_np_nt28_average.html
I have one query :
1. At present, the severities are labelled as unknown, low, medium and high.
a) Is there any mechanism or logic, which will quantify these severity
levels.
e.g. low : 0 to < 3, medium : 3 to < 6 and high : 6 to 9 (as given in
OWASP -
Owasp risk rating methodology. https://www.owasp.org/index.php/OWASP_
Risk_Rating_Methodolog)
b) If yes, requesting you share the information / document / url with
me.
Your guidance is vital to me - waiting for the reply.
Thanks & Regards
Harshad
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://www.redhat.com/mailman/listinfo/open-scap-list
