Firms give flaws a grade

By Robert Lemos
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: Patching up problems
January 28, 2005; Flaw finders go their own way
January 26, 2005; Linux lasting longer against Net attacks
December 22, 2004

SAN FRANCISCO--With an eye to guiding companies on which software problems to patch first, Cisco Systems, Symantec and Qualys plan to launch a joint grading system for security vulnerabilities.

The ratings will consist of three numbers, Gerhard Eschelbeck, the chief technology officer at security information provider Qualys said on Tuesday.

The first will be a baseline estimate of the severity of the flaw. The second will rate the bug depending on how long it has been around, and therefore how likely it is that companies have patched against it. The third will measure the threat a vulnerability poses to a specific corporate network. Each will take five or six factors into account for the measurement.

Special coverage
RSA conference

All the latest from the security confab in San Francisco.

The companies plan to announce the first version of the system on Thursday, Eschelbeck said. They are proposing that vulnerability trackers such as BugTraq use the approach to label the severity of new software bugs. Businesses can take the ratings to calculate the level of risk on their own network, to generate a single grade, depending on factors such as how reliant they are on the affected software.

"There are three numbers, but customers will deal with a specific final number," he said. "You can see right out of the get-go how vulnerable you are."

The launch, which will be made at the RSA Conference 2005 here this week, is the fruit of a partnership of Redwood Shores, Calif.-based Qualys, networking giant Cisco and security company Symantec. It is designed to provide the first systematic grading of flaws that can be used by companies to assess damage to their vulnerable systems and to prioritize patching.

The ratings could also offer insight into the severity of flaws on the different computing platforms, such as Microsoft Windows, the open-source Linux and Apple Computer's Mac OS X.

See more CNET content tagged:
Qualys Inc., severity, Cisco Systems Inc., rating, RSA Security Inc.

Latest tech news headlines

Report: MP3 players threaten users' hearing
Posted in News - Digital Media by Steven Musil

October 12, 2008 2:30 PM PDT
280 Slides: PowerPoint made fast and easy, online
Posted in Webware by Bob Walsh

October 12, 2008 1:26 PM PDT
More MacBook rumors and pics surface
Posted in News - Apple by Dan Farber

October 12, 2008 1:22 PM PDT
See all headlines

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
IBM invests in business partners' training
A business development fund aims to encourage its largest partners to take up more skills training around data centers.
Gallery
Photos: Top 10 reviews of the week
News - Apple
More MacBook rumors and pics surface
With the new MacBook unveiling on Tuesday, the blogosphere is alive with the latest rumors and pictures of Apple's new hardware.
Coop's Corner
Ellison's mantra: Spend, baby, spend
It may be hell out there, but Oracle's chief tells shareholders the company still intends to shop for more acquisitions.
Video
Sprint launches Xohm WiMax
News - Digital Media
Report: MP3 players threaten users' hearing
People who listen to personal music players for only five hours a week at a high volume may be doing permanent damage to their hearing, according to a team of EU experts.
Video
Talking with Newt Gingrich on tech, bailout
News - Politics and Law
President signs broadband data collection bill
The Broadband Data Act encourages wider collection of information regarding nationwide access to broadband.
News - Cutting Edge
Academics sink teeth into Yahoo search service
Yahoo hopes its Build Your Own Search Service program has piqued the interest of academic researchers. Next stop: start-ups.
Gallery
Photos: Cracking open Apple's revamped iPod Nano
Webware
280 Slides: PowerPoint made fast and easy, online
280 Slides is a notable online replacement for desktop presentation apps.
Green Tech
Urban wind power inspired by ancient Persia
The shape of urban wind power continues to morph. The latest twist come from Windation, a company with a design inspired by centuries-old "wind catchers."