<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Added to today's agenda. So much for 'Final' agenda :-)</p>
<p>Thanks,</p>
<p>Neil<br>
</p>
<div class="moz-cite-prefix">On 23/01/2020 13:02, Dimitris
Zacharopoulos (HARICA) via Netsec wrote:<br>
</div>
<blockquote type="cite"
cite="mid:fdafeb2a-bc95-5cf8-5bfd-948e9c0802e7@harica.gr">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<br>
Please consider this at the next netsec meeting. If the
subcommittee thinks this change is justified and is deemed
non-controversial, it may consider adding it in an upcoming
ballot.<br>
<br>
Dimitris.<br>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Subject:
</th>
<td>[cabforum/documents] NetSec: suggested CVSS updates
(#156)</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Date:
</th>
<td>Wed, 22 Jan 2020 20:10:32 -0800</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">From:
</th>
<td>Josh Aas <a class="moz-txt-link-rfc2396E"
href="mailto:notifications@github.com"
moz-do-not-send="true"><notifications@github.com></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Reply-To:
</th>
<td>cabforum/documents
<a class="moz-txt-link-rfc2396E"
href="mailto:reply+ACAMQERW63ZULTTODINBF4N4GZHTREVBNHHCCBB4HA@reply.github.com"
moz-do-not-send="true"><reply+ACAMQERW63ZULTTODINBF4N4GZHTREVBNHHCCBB4HA@reply.github.com></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">To: </th>
<td>cabforum/documents <a class="moz-txt-link-rfc2396E"
href="mailto:documents@noreply.github.com"
moz-do-not-send="true"><documents@noreply.github.com></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">CC: </th>
<td>Subscribed <a class="moz-txt-link-rfc2396E"
href="mailto:subscribed@noreply.github.com"
moz-do-not-send="true"><subscribed@noreply.github.com></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<p>Passing this report/suggestion along from a community member.</p>
<p>Relating to the definition of "Critical Vulnerability":</p>
<ol>
<li>This link seems outdated:</li>
</ol>
<p><a href="http://nvd.nist.gov/home.cfm" rel="nofollow"
moz-do-not-send="true">http://nvd.nist.gov/home.cfm</a></p>
<p>Perhaps a better link would be:</p>
<p><a href="https://nvd.nist.gov/vuln-metrics/cvss"
rel="nofollow" moz-do-not-send="true">https://nvd.nist.gov/vuln-metrics/cvss</a></p>
<p>This also has the advantage of being an https link.</p>
<ol start="2">
<li>CVSS v3.0 defines critical as 9.0 or above. The NetSec
guidelines currently say CVSS 7.0 or higher is critical.
Should the NetSec guidelines be changed to define critical
as 9.0, in line with the CVSS ratings, or is NetSec
intentionally lowering the bar for what's considered
critical to 7.0?</li>
</ol>
<p
style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br>
You are receiving this because you are subscribed to this
thread.<br>
Reply to this email directly, <a
href="https://github.com/cabforum/documents/issues/156?email_source=notifications&email_token=ACAMQEQX2CTHV2N5EQBWAGDQ7EKDRA5CNFSM4KKQNHZKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IIEHQ4A"
moz-do-not-send="true">view it on GitHub</a>, or <a
href="https://github.com/notifications/unsubscribe-auth/ACAMQEQKD45WD5IRLJEATV3Q7EKDRANCNFSM4KKQNHZA"
moz-do-not-send="true">unsubscribe</a>.<img
src="https://github.com/notifications/beacon/ACAMQESINYJ3WWZSSV2VX5LQ7EKDRA5CNFSM4KKQNHZKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IIEHQ4A.gif"
alt="" moz-do-not-send="true" width="1" height="1"></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/cabforum/documents/issues/156?email_source=notifications\u0026email_token=ACAMQEQX2CTHV2N5EQBWAGDQ7EKDRA5CNFSM4KKQNHZKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IIEHQ4A",
"url": "https://github.com/cabforum/documents/issues/156?email_source=notifications\u0026email_token=ACAMQEQX2CTHV2N5EQBWAGDQ7EKDRA5CNFSM4KKQNHZKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4IIEHQ4A",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script> </div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Netsec mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Netsec@cabforum.org">Netsec@cabforum.org</a>
<a class="moz-txt-link-freetext" href="http://cabforum.org/mailman/listinfo/netsec">http://cabforum.org/mailman/listinfo/netsec</a>
</pre>
</blockquote>
</body>
</html>