|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: Level of Abstraction Issue: Similar Applications, "Same" Vulnerability
While I know I started this whole thing by saying "Same Attack" in the first place, I agree that there's better terminology to use, because we definitely don't want to emphasize the "attack" aspects of a vulnerability. Andre Frech used the term "Same Issue" which sounds OK, but I'm more in favor of "Same Error." I originally used "same attack" because it seemed to be a relatively concrete and repeatable way to describe the same type of vulnerability. I agree with Russ that the vulnerability exploited by Sechole is different than other vulnerabilities that grant privileges when exploited. In that particular case, it is my inexperience with the details of NT vulnerabilities that caused that particular wording to be used. As Russ pointed out, in some cases we may not be given enough information to truly identify the nature of a vulnerability (it's not just Microsoft that does this). But as more details emerge, perhaps the description can be modified somewhat to be more accurate. - Steve
|
||||
