Talk:Vulnerability (computer security)

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 65.189.154.93 (talk) at 03:31, 27 April 2006. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

I think this is a good idea -- the Software security vulnerability article can be used as part of the Vulnerability article.


I am curious, doesn't vulnerability need to say that it's "vulnerable to" something? For example, we don't say that "New Orleans is vulnerable." We might say that "New Orleans has a high vulnerability to a Force 5 hurricane," but could we just say that the "New Orleans Levees have high vulnerabilities to hurricanes"? I don't think so, since they really were only vulnerable to level 5 and higher. There needs to be a force against. Or a Threat... in fact, more specifically, there needs to be a specific amount of threat. Like FORCE 5 hurricanes. In computing, vendors have erroneously stated that a server has a high vulnerability... but often without regard to what amount of threat. My server has almost no vulnerabilities if my threat agent is a four-year-old girl. But a skilled, malicious hacker sponsored by a terrorist state might make Swiss cheese of my server. Did my vulnerability just change based on the threat agent's capabilities? I think it did. Maybe we should consider adding something that states that vendors of security products typically over-generalize the acting threat agents... or do they even consider them?