Versions Compared

Old Version 4

changes.mady.by.user Stephen Terrill

Saved on

compared with

New Version 5

changes.mady.by.user Stephen Terrill

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: remove uncessary whitespace

...

Operating Structure

...

  1. Send CVE request email to NIST/NVD  (TBD)
  2. Agree on disclosure date with original reporter. This      will most likely need to fall on a Tuesday,  Wednesday, or a Thursday. Ensure a      developer a developer is available at that time to push up the fix.
  3. Re-test the patch. Ensure that it still applies to the      various the various branches and that all unit tests pass.

...

  • Critical: This rating is given      to flaws that could be easily exploited by a remote unauthenticated      attacker and lead to system compromise (arbitrary code execution) without      requiring user interaction. These are the types of vulnerabilities that      can be exploited by worms. Flaws that require an authenticated remote user,      a local user, or an unlikely configuration are not classed as Critical      impact.
  • High: This rating is given      to flaws that can easily compromise the confidentiality, integrity, or      availability or availability of resources. These are the types of vulnerabilities that allow      local users to gain privileges, allow unauthenticated remote users to view      resources that should otherwise be protected by authentication, allow      authenticated remote users to execute arbitrary code, or allow local or      remote users to cause a denial of service.
  • Moderate: This rating is given      to given to flaws that may be more difficult to exploit but could still lead to      some to some compromise of the confidentiality, integrity, or availability of      resourcesof resources, under certain circumstances. These are the types of vulnerabilities      that vulnerabilities that could have had a Critical impact or high impact but are less easily      exploited easily exploited based on a technical evaluation of the flaw, or affect unlikely      configurationsunlikely configurations.
  • Low: This rating is given      to all other issues that have a security impact. These are the types of      vulnerabilities that are believed to require unlikely circumstances to be      able to be exploited, or where a successful exploit would give minimal      consequences.

...