Friday, September 16, 2005

Plan lets users be the judge of flaws

Joris Evers writes in C|Net News:

A plan to make it easier for companies to determine how hard they could be hit by security flaws is ready for prime time, according to its backers.

The Common Vulnerability Scoring System plan calls for a unified approach to rating vulnerabilities in software, to replace the proprietary methods many technology companies and security vendors use when determining the impact of a flaw.

The Common Vulnerability Scoring System, or CVSS, was developed under the auspices of the National Infrastructure Advisory Council, which advises President Bush about the security of information systems for critical infrastructure. FIRST, a worldwide consortium of security incident response teams such as the United States Computer Emergency Readiness Center, coordinates further CVSS development.

On Monday, FIRST plans to announce a push for wide-scale adoption of CVSS. Backers believe the rating system is ready to move into more general use after being a work-in-progress for the past year and a half. It was released publicly in late February, when a group of about 30 companies started testing it.

0 Comments:

Post a Comment

<< Home