A Heartbleed By Any Other Name - Data Driven Vulnerability Management
The Heartbleed vulnerability exposes a weakness in current vulnerability management practices: namely, they aren't driven by the data. Starting with the data, we identify 4 vulnerabilities which are arguably more important than Heartbleed.


  1. A Heartbleed By Any Other Name
  2. CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/AU:N/C:P/I:N/A:N)
  3. “CVSS V2 scoring evaluates the impact of the vulnerability on the host where the vulnerability is located. When evaluating the impact of this vulnerability to your organization, take into account the nature of the data that is being protected and act according to your organization’s risk acceptance. While CVE-2014-0160 does not allow unrestricted access to memory on the targeted host, a successful exploit does leak information from memory locations which have the potential to contain particularly sensitive information, e.g., cryptographic keys and passwords. Theft of this information could enable other attacks on the information system, the impact of which would depend on the sensitivity of the data and functions of that system.”
  4. Three points:
       1. It’s a target of opportunity for attackers.
       2. It’s being actively and successfully exploited on the Internet.
       3. It’s easy to exploit.
  5. Heartbleed Breach Volume Release -> Now
  6. Four vulnerabilities and their scores:
       1. CVE-2001-0540 - Score: 5.0
       2. CVE-2012-0152 - Score: 4.3
       3. CVE-2006-0003 - Score: 5.1
       4. CVE-2013-2423 - Score: 4.3
  7. CVE-2001-0540, CVE-2013-2423
  8. CVE-2001-0540: Windows 2000; CVE-2006-0003: ActiveX; CVE-2012-0152: Windows 7; CVE-2013-2423: Java Runtime; HeartBleed
  9. Thank you! www.risk.io
