|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: An example of hardware/software vulns - GPUs
- To: "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>
- Subject: Re: An example of hardware/software vulns - GPUs
- From: Kent Landfield <bitwatcher@gmail.com>
- Date: Thu, 13 Jul 2017 09:46:52 -0400
- Authentication-results: spf=none (sender IP is 129.83.29.2) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=fail action=none header.from=gmail.com;
- Cc: Art Manion <amanion@cert.org>, Kurt Seifried <kurt@seifried.org>, cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-date: Thu Jul 13 09:56:16 2017
- In-reply-to: <7748E4BAEC3B964387F3535351DCBA1F011535D9B2@D2ASEPREA010>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CABqVa38bvOMyz_NRtahUOFSsO_89NjYJ9C_nk2vvKrqMkFyzeQ@mail.gmail.com> <dedf2254-ddce-9d87-e4b1-139016fe0e5f@cert.org> <7748E4BAEC3B964387F3535351DCBA1F011535D9B2@D2ASEPREA010>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 5952c28dcc454f0789fb433d26f936ef
- Spamdiagnosticoutput: 1:2
A vulnerability in the context of the CVE Program is defined by the Counting Rules as listed in Appendix C. In general, a vulnerability is defined as a weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, OR availability. Mitigation of the vulnerabilities in this context typically involves coding changes, but could also include specification changes or even specification deprecations (e.g., removal of affected protocols or functionality in their entirety).” A vulnerability is a flaw or design oversight in software that could be used by an attacker to
gain unintended access to a system or network. CVE considers a flaw a vulnerability if it allows
an attacker to use it to violate a reasonable security policy for that system (this excludes entirely
“open” security policies in which all users are trusted, or where there is no consideration of risk
to the system). A vulnerability in the context of the CVE program is indicated by code that can be exploited, resulting in a negative impact to confidentiality, integrity, OR availability, and that requires a coding change, specification change, or specification deprecation to mitigate or address. Dropping an iPhone would not be covered by the multiple versions of the definition of a vulnerability we are using. Maybe we want one definition .... Kent Landfield +1.817.637.8026
|
- Follow-Ups:
- RE: An example of hardware/software vulns - GPUs
- From: "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>
- RE: An example of hardware/software vulns - GPUs
- References:
- An example of hardware/software vulns - GPUs
- From: Kurt Seifried <kurt@seifried.org>
- Re: An example of hardware/software vulns - GPUs
- From: Art Manion <amanion@cert.org>
- RE: An example of hardware/software vulns - GPUs
- From: "Millar, Thomas" <Thomas.Millar@hq.dhs.gov>
- An example of hardware/software vulns - GPUs
- Prev by Date: Re: An example of hardware/software vulns - GPUs
- Next by Date: RE: An example of hardware/software vulns - GPUs
- Previous by thread: Re: An example of hardware/software vulns - GPUs
- Next by thread: RE: An example of hardware/software vulns - GPUs
- Index(es):