Comments on TaoSecurity Blog: National Vulnerability Database

Richard Bejtlich, 2005-08-17T20:17:00.000-04:00

Hello,

Many times I see the word "threat" used improperly. Search the blog for "threat" and you'll find many old posts.

A vulnerability is not a threat. A vulnerability is a component of risk, hence my replacement of the word "threat" with "risk" in my suggested replacement sentence.

Anonymous, 2005-08-17T20:13:00.000-04:00

Hi Richard,

I wonder if you could post some more on why you groan about 'threat index' as a security term.

I too have disliked this term 'threat', since I feel it's impossible to measure intent. I prefer to think in terms of 'vulnerabilities' and 'exploits' which are much more measurable IMHO - and I think the use of the word 'threat' is damaging security thinking every time it's used.

Would love to hear your expanded thoughts on this.

Anonymous, 2005-08-16T15:13:00.000-04:00

What would scare me most about the .gov providing this service is how judicious they may be with posting and announcing vulnerabilities. Will they be subject to US companies with clout enough to tell them to take a vulnerability off? Will the DHS use this as part of their way to control cyberterror by not publishing vulnerabilities that are not patched yet?
Otherwise they may get general media lashback about providing the tools to 'hackers' they are trying to protect from...

-- LonerVamp