[ news_security_news ]
Oracle Updates Update Presentation
Chris Crum
Staff Writer
2006-10-12
 Security News RSS Feed
Oracle is making what some would call "much needed" changes to the way it presents its security bulletins.
The bulletins have been criticized as being too hard to understand, but now the company will adopt a simpler severity ranking system that will people will find somewhat familiar.
As a result of demand from customers, Oracle will adopt the CVSS (Common Vulnerability Scoring System) standard originally created by the Department of Homeland Security. Ryan Naraine at eWeek writes: In the past year, CVSS scores have started appearing in advisories from companies such as Cisco Systems, Qualys, Nessus and Skype.
In addition, the National Institute of Standards and Technology's National Vulnerability Database has completed CVSS scores for more than 15,000 vulnerabilities in its system.
Microsoft remains a significant holdout, relying instead on its proprietary flaw-rating system that describes vulnerabilities as "critical," "important," "moderate" or "low." According to Naraine, Oracle will offer 2 CVSS scores on a scale of one to ten so users will be able to tell, which flaws have higher risk.
The system will be implemented beginning October 17, with the company's scheduled Critical Patch Update.
Tag: Oracle
Add to  Del.icio.us |  Digg |  Yahoo! My Web |  Furl
Get all the updates in RSS: 
About the Author:
Chris Crum is a staff writer for SecurityProNews and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
