Our severity rating differs from the CVSS rating because of the amount of interactions or preconditions required to exploit the reported vulnerabilities. “There was no “downgrade” that took place with our severity assessment on these vulnerabilities. I reached out to Microsoft for a statement regarding the severity rating of vulnerabilities in Edge and here is what a spokesperson said: It wouldn't be overly surprising if others did come to that conclusion, however. I'm absolutely sure the decision isn't influenced by the fact that a critical sandbox escaping bug would bring a reward of between $20,000 and $30,000 whereas a moderate one drops to just $5,000 maximum and possibly as low as $1,000.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |