by wglb 2115 days ago
I've been in security for a while and once received a report of a CVSS score that was egregiously high at Critical.

I modified the assumptions that were made by the reporter and came out with Low.

This is one example of why this is a nonsense metric.

1 comments

Any metric is nonsense if used improperly.
I am arguing that there is no proper way to use this.
Any ouija board lies with the wrong seance supervisor