Add answer to CVE and CVSS question (#231)

* Add answer to CVE and CVSS question

Question : Explain CVE and CVSS
What do you think ?

* Update answer CVE and CVSS question

Details added + some links
This commit is contained in:
laumane 2022-05-04 07:43:13 +02:00 committed by GitHub
parent 7d467579ea
commit 7e29d945ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -256,6 +256,12 @@ You can test by using a stored procedure, so the application must be sanitize th
<details>
<summary>Explain CVE and CVSS</summary><br><b>
[Red Hat](https://www.redhat.com/en/topics/security/what-is-cve#how-does-it-work) : "When someone refers to a CVE (Common Vulnerabilities and Exposures), they mean a security flaw that's been assigned a CVE ID number. They dont include technical data, or information about risks, impacts, and fixes." So CVE is just identified by an ID written with 8 digits. The CVE ID have the following format: CVE prefix + Year + Arbitrary Digits.
Anyone can submit a vulnerability, [Exploit Database](https://www.exploit-db.com/submit) explains how it works to submit.
Then CVSS stands for Common Vulnerability Scoring System, it attemps to assign severity scores to vulnerabilities, allowing to ordonnance and prioritize responses and ressources according to threat.
</b></details>
<details>