Add answer to CVE and CVSS question (#231)
* Add answer to CVE and CVSS question

  Question: Explain CVE and CVSS. What do you think?

* Update answer CVE and CVSS question

  Details added + some links
parent 7d467579ea
commit 7e29d945ba
@ -256,6 +256,12 @@ You can test by using a stored procedure, so the application must be sanitize th
|
||||
|
||||
<details>
|
||||
<summary>Explain CVE and CVSS</summary><br><b>
|
||||
|
||||
[Red Hat](https://www.redhat.com/en/topics/security/what-is-cve#how-does-it-work) : "When someone refers to a CVE (Common Vulnerabilities and Exposures), they mean a security flaw that's been assigned a CVE ID number. They don’t include technical data, or information about risks, impacts, and fixes." So CVE is just identified by an ID written with 8 digits. The CVE ID have the following format: CVE prefix + Year + Arbitrary Digits.
|
||||
Anyone can submit a vulnerability, [Exploit Database](https://www.exploit-db.com/submit) explains how it works to submit.
|
||||
|
||||
Then CVSS stands for Common Vulnerability Scoring System, it attemps to assign severity scores to vulnerabilities, allowing to ordonnance and prioritize responses and ressources according to threat.
|
||||
|
||||
</b></details>
|
||||
|
||||
<details>
|
||||
|
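Review bot: In the added CVE paragraph, "an ID written with 8 digits" contradicts the format given in the very next sentence ("CVE prefix + Year + Arbitrary Digits"). The sequence part of a CVE ID has four or more digits, so the total length is not fixed at 8. Suggest dropping the digit count and showing the pattern instead, for example CVE-YYYY-NNNN where NNNN is four or more digits. The sentence "Anyone can submit a vulnerability" links to the Exploit Database submit page, which takes exploit submissions; CVE IDs are assigned by CVE Numbering Authorities, so the sentence should either describe that request process or be reworded to say it is about publishing exploits. In the same paragraph "The CVE ID have" should be "has", and in the CVSS paragraph please fix "attemps", "ordonnance" (rank or order) and "ressources". It would also help to state the 0.0 to 10.0 score range and that the score expresses severity, since the answer currently says "according to threat".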