Jump to content
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
Slate Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate Marble
NickTheGreek

Updates to TSR announcement and disclosure information

Recommended Posts

March 16, 2017

With the first TSR release of 2015 we began providing CVSSv2 scores in our full disclosure of resolved security issues in cPanel & WHM. The CVSSv2 scoring system is a free and open standard that attempts to rate the severity of security vulnerabilities (finalized in June 2007). In June 2015 this scoring system was updated to version 3, and includes several changes to the way that the scores are determined. Specifically, the underlying vectors used to derive the numerical scores of the metric groups have been changed, and the updated scoring system is intended to reflect a more accurate estimation of the severity of vulnerabilities. 

Beginning with the second TSR release of 2017 (TSR-2017-0002, expected on March 21st), we will provide a CVSSv3 Base vector score range in our TSR announcements, and the full Base vector string and score for each resolved vulnerability in our full disclosure announcements. If you would like to learn more about the various vectors used to calculate CVSSv3 scores along with the underlying reasoning as applicable to the CVSS standard, please see https://www.first.org/cvss and https://www.first.org/cvss/calculator/3.0.

http://news.cpanel.com/updates-to-tsr-announcement-and-disclosure-information/

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×