by tptacek
3923 days ago
I gave Heartbleed no integrity impact. The funny thing is: bumping up "integrity" from zero to nonzero only gets you from 8.x to 9.x. Which is obviously ridiculous! All things being equal, the difference between RCE (which CVSS can only encode as "integrity") and anything else is night and day. I really dislike CVSS, and I think I speak for a big chunk of software security when I say that.