<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Added to today's agenda. So much for 'Final' agenda :-)</p>
    <p>Thanks,</p>
    <p>Neil<br>
    </p>
    <div class="moz-cite-prefix">On 23/01/2020 13:02, Dimitris
      Zacharopoulos (HARICA) via Netsec wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:fdafeb2a-bc95-5cf8-5bfd-948e9c0802e7@harica.gr">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <br>
      Please consider this at the next netsec meeting. If the
      subcommittee thinks this change is justified and is deemed
      non-controversial, it may consider adding it in an upcoming
      ballot.<br>
      <br>
      Dimitris.<br>
      <div class="moz-forward-container"><br>
        <br>
        -------- Forwarded Message --------
        <table class="moz-email-headers-table" cellspacing="0"
          cellpadding="0" border="0">
          <tbody>
            <tr>
              <th valign="BASELINE" nowrap="nowrap" align="RIGHT">Subject:
              </th>
              <td>[cabforum/documents] NetSec: suggested CVSS updates
                (#156)</td>
            </tr>
            <tr>
              <th valign="BASELINE" nowrap="nowrap" align="RIGHT">Date:
              </th>
              <td>Wed, 22 Jan 2020 20:10:32 -0800</td>
            </tr>
            <tr>
              <th valign="BASELINE" nowrap="nowrap" align="RIGHT">From:
              </th>
              <td>Josh Aas <a class="moz-txt-link-rfc2396E"
                  href="mailto:notifications@github.com"
                  moz-do-not-send="true"><notifications@github.com></a></td>
            </tr>
            <tr>
              <th valign="BASELINE" nowrap="nowrap" align="RIGHT">Reply-To:
              </th>
              <td>cabforum/documents
                <a class="moz-txt-link-rfc2396E"
href="mailto:reply+ACAMQERW63ZULTTODINBF4N4GZHTREVBNHHCCBB4HA@reply.github.com"
                  moz-do-not-send="true"><reply+ACAMQERW63ZULTTODINBF4N4GZHTREVBNHHCCBB4HA@reply.github.com></a></td>
            </tr>
            <tr>
              <th valign="BASELINE" nowrap="nowrap" align="RIGHT">To: </th>
              <td>cabforum/documents <a class="moz-txt-link-rfc2396E"
                  href="mailto:documents@noreply.github.com"
                  moz-do-not-send="true"><documents@noreply.github.com></a></td>
            </tr>
            <tr>
              <th valign="BASELINE" nowrap="nowrap" align="RIGHT">CC: </th>
              <td>Subscribed <a class="moz-txt-link-rfc2396E"
                  href="mailto:subscribed@noreply.github.com"
                  moz-do-not-send="true"><subscribed@noreply.github.com></a></td>
            </tr>
          </tbody>
        </table>
        <br>
        <br>
        <p>Passing this report/suggestion along from a community member.</p>
        <p>Relating to the definition of "Critical Vulnerability":</p>
        <ol>
          <li>This link seems outdated:</li>
        </ol>
        <p><a href="http://nvd.nist.gov/home.cfm" rel="nofollow"
            moz-do-not-send="true">http://nvd.nist.gov/home.cfm</a></p>
        <p>Perhaps a better link would be:</p>
        <p><a href="https://nvd.nist.gov/vuln-metrics/cvss"
            rel="nofollow" moz-do-not-send="true">https://nvd.nist.gov/vuln-metrics/cvss</a></p>
        <p>This also has the advantage of being an https link.</p>
        <ol start="2">
          <li>CVSS v3.0 defines critical as 9.0 or above. The NetSec
            guidelines currently say CVSS 7.0 or higher is critical.
            Should the NetSec guidelines be changed to define critical
            as 9.0, in line with the CVSS ratings, or is NetSec
            intentionally lowering the bar for what's considered
            critical to 7.0?</li>
        </ol>
        <p
          style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br>
          You are receiving this because you are subscribed to this
          thread.<br>
          Reply to this email directly, <a
href="https://github.com/cabforum/documents/issues/156?email_source=notifications&email_token=ACAMQEQX2CTHV2N5EQBWAGDQ7EKDRA5CNFSM4KKQNHZKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IIEHQ4A"
            moz-do-not-send="true">view it on GitHub</a>, or <a
href="https://github.com/notifications/unsubscribe-auth/ACAMQEQKD45WD5IRLJEATV3Q7EKDRANCNFSM4KKQNHZA"
            moz-do-not-send="true">unsubscribe</a>.<img
src="https://github.com/notifications/beacon/ACAMQESINYJ3WWZSSV2VX5LQ7EKDRA5CNFSM4KKQNHZKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IIEHQ4A.gif"
            alt="" moz-do-not-send="true" width="1" height="1"></p>
        <script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/cabforum/documents/issues/156?email_source=notifications\u0026email_token=ACAMQEQX2CTHV2N5EQBWAGDQ7EKDRA5CNFSM4KKQNHZKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IIEHQ4A",
"url": "https://github.com/cabforum/documents/issues/156?email_source=notifications\u0026email_token=ACAMQEQX2CTHV2N5EQBWAGDQ7EKDRA5CNFSM4KKQNHZKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IIEHQ4A",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script> </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
Netsec mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Netsec@cabforum.org">Netsec@cabforum.org</a>
<a class="moz-txt-link-freetext" href="http://cabforum.org/mailman/listinfo/netsec">http://cabforum.org/mailman/listinfo/netsec</a>
</pre>
    </blockquote>
  </body>
</html>