In Avalanche Vulnerability Assessment within the Attack Description there is a Severity Level of Critical, High, Moderate or Low. Who determines or where does this Severity level originate? Is it a Spirent decision on the Threat Severity or is it based on outside Agency input?
Answer by rwcmjack · Mar 06, 2015 at 07:23 PM
Hi Lenny
The severity level is based on the criteria of the threats impact and is based on a number of vectors associated with each threat - this is following outside agency criteria
Example - if a threat has all of these associated components as true it is flagged as critical
Server Compromise Non-Privileged Code ExecutionVery Broadly Deployed The Vulnerable Software is in Wide ENTERPRISE Deployment The Vulnerable Software is from a Major Enterprise VendorInfrastructure Assets Affected
Copyright 2008- Spirent Communications, all rights reserved. Terms and Conditions.