Risk factor : Difficulty of Exploit vs Business Impact

The Risk Factor concept used by the CCWAPPSS is the answer to the question : Could this vulnerability lead to major issues ?

To figure out the Risk Factor of a vulnerability, the auditor has to answer the following questions :
  • Is the exploitation of this vulnerability trivial or sophiticated ?
  • Could the exploitation of this vulnerability have an impact on the business activity ?

2 commentaires:

Grupo Cryptex a dit…

congratulation.

Dory a dit…

This is great info to know.