In Avalanche Vulnerability Assessment who rates the Severity Level
In Avalanche Vulnerability Assessment within the Attack Description there is a Severity Level of Critical, High, Moderate or Low. Who determines or where does this Severity level originate? Is it a Spirent decision on the Threat Severity or is it based on outside Agency input?
Best Answer
Hi Lenny
The severity level is based on the criteria of the threats impact and is based on a number of vectors associated with each threat - this is following outside agency criteria
Example - if a threat has all of these associated components as true it is flagged as critical
Server Compromise Non-Privileged Code ExecutionVery Broadly Deployed The Vulnerable Software is in Wide ENTERPRISE Deployment The Vulnerable Software is from a Major Enterprise VendorInfrastructure Assets Affected
