Add answer to CVE and CVSS question (#231)

* Add answer to CVE and CVSS question

Question: Explain CVE and CVSS
What do you think?

* Update answer CVE and CVSS question

Details added + some links
laumane
2022-05-04 07:43:13 +02:00
committed by GitHub
parent 7d467579ea
commit 7e29d945ba

@ -256,6 +256,12 @@ You can test by using a stored procedure, so the application must be sanitize th
<details> <details>
<summary>Explain CVE and CVSS</summary><br><b> <summary>Explain CVE and CVSS</summary><br><b>
[Red Hat](https://www.redhat.com/en/topics/security/what-is-cve#how-does-it-work) : "When someone refers to a CVE (Common Vulnerabilities and Exposures), they mean a security flaw that's been assigned a CVE ID number. They dont include technical data, or information about risks, impacts, and fixes." So CVE is just identified by an ID written with 8 digits. The CVE ID have the following format: CVE prefix + Year + Arbitrary Digits.
Anyone can submit a vulnerability, [Exploit Database](https://www.exploit-db.com/submit) explains how it works to submit.
Then CVSS stands for Common Vulnerability Scoring System, it attemps to assign severity scores to vulnerabilities, allowing to ordonnance and prioritize responses and ressources according to threat.
</b></details> </b></details>
<details> <details>
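Review bot: The added CVE paragraph says the ID is "written with 8 digits", which contradicts the format given in the next sentence (CVE prefix + Year + Arbitrary Digits): the sequence part is four or more digits, so the length is not fixed. Suggest stating the pattern as CVE-YYYY-NNNN with four or more digits in the last field. In the same paragraph, "They dont include technical data" follows a sentence about a security flaw, so "They" reads as referring to the flaws themselves; write "CVE entries" and check the quotation against the linked Red Hat page. The second added line presents Exploit Database's submit page as the way to submit a vulnerability, but that page takes exploit submissions; CVE IDs are assigned by CVE Numbering Authorities (CNAs), so a link to the CVE Program's request process would fit the answer better. Spelling in the added lines: "dont", "The CVE ID have", "attemps", "ordonnance" (order or rank), "ressources". The CVSS sentence would also be more useful if it stated the 0.0 to 10.0 score range.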