Risk Factor: Difficulty of Exploit vs Business Impact

The Risk Factor concept used by the CCWAPPSS answers the question: could this vulnerability lead to major issues?

To determine the Risk Factor of a vulnerability, the auditor has to answer the following questions:
  • Is the exploitation of this vulnerability trivial or sophisticated?
  • Could the exploitation of this vulnerability have an impact on the business activity?
