Thursday, June 26, 2008

Vulnerability counting revisited: a hypothetical example

Quoting the article:

The lesson to take from this hypothetical example is that counting vulnerability reports is as likely to lead you to the wrong conclusion as to the right conclusion. Find more information before making a decision. Think through the implications of any metric you have available.

Don’t buy the easy interpretation just because it’s easy.

Link: http://blogs.techrepublic.com.com/security/?p=472

No comments: