"In Search of a B.S. Filter for Software Bugs"
Some organizations are still struggling to determine the potential impact of a software bug on their business. The cybersecurity company Rapid7 set up a project to bring further attention to how crowdsourcing can help organizations rate the severity of security flaws. Rapid7 asked security professionals to use a web platform, called the Attacker Knowledge Base (KB), to evaluate how a vulnerability might affect an organization. They answered questions about how easy it would be for a hacker to exploit a security flaw, how much access the hacker could gain by abusing the vulnerability, and more. The project shows that crowdsourced vulnerability assessments can increase understanding of a software bug's potential impact by drawing on individual experts' personal experiences. This article continues to discuss Rapid7's AttackerKB platform, the Common Vulnerability Scoring System (CVSS), and the value of crowdsourced vulnerability assessments.
CyberScoop reports "In Search of a B.S. Filter for Software Bugs"