"High" Severity means that a lot of damange can be done if the vulnerability is exploited (in other words intruder gets root permissions) In some cases intruder gets "nobody" permissions, Anyway
Severity ratings means what/how much damage can be done if the vulnerability is exploited. Where as Risk Factor means how probable it is that this vulnerability will be exploited, based on certain factors that an exploit for that vulnerability is released or not, and if it's been exploited / scanned massively these days or in the past, Anyway Risk Factor just tries to determine how likely that vulnerability will be abused. I suggest you look forward for both extremes. As in patch for both extremes Risk Factor as well as Severity. Regards, --------- Muhammad Faisal Rauf Danka Chief Technology Officer Gem Internet Services (Pvt) Ltd. web: www.gem.net.pk Vice President Pakistan Computer Emergency Responce Team (PakCERT) web: www.pakcert.org Chief Security Analyst Applied Technology Research Center (ATRC) web: www.atrc.net.pk On Fri, 31 May 2002, tony toni wrote: <<SNIP>> _____________________________________________________________ --------------------------- [ATTITUDEX.COM] http://www.attitudex.com/ --------------------------- _____________________________________________________________ Promote your group and strengthen ties to your members with [EMAIL PROTECTED] by Everyone.net http://www.everyone.net/?btn=tag
