this post was submitted on 27 Dec 2023
529 points (98.2% liked)

Technology

59424 readers
3276 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 10 months ago* (last edited 10 months ago)

Ah, much better. MITRE CWSS + CWARF is comprehensive, yet insular and as is MITRE, Military/NATSEC Focused. I do not see any flaws in my reasoning, but words as communication. I do concede that maybe my saying an alternative to CVSS is not really the best wording as I see such things in very broad terms, but I get the perspective now. As in, the common singular, Gov/Corp system does not fit, I need an alternative model that does. In contrast to I need another exactly scoped system that does it differently alternative.

To evidence this I can point to that fact that I even advocated that CVSS-BTE v4.0 should be NVD baseline, but I didn't make this very clear that I'm expanding the CVSS as an alternative use, different in applicability, essential in nature, and somewhat built upon CVSS and OWASP with a different, very important objective.

Not replacment which I never intended.. I'll change the article to reflect those views, well done.