Comment Re:MSFT employee here (Score 1) 543
Damage potential
Reproducibility
Exploitability
Affected Users
Discoverability
It's actually becoming an ad hoc standard for vulnerability risk assessment, used by many non-MS-oriented camps of security professionals. The same cannot be said for the STRIDE system for classifying the type of vulnerability, which is obtuse and disjoint... better approaches are the OWASP Top 10 and the WASC vulnerability classification system.