> > Rob proposed something based on CVSS, but I've yet to see a process that > we could include as part of the vulnerability management team processes. > Could you provide a little more detail as to what is missing? It would be nice to move ahead with doing something like this. But perhaps I don't know what problems remain to be solved (or where OSSG could help with those problems). Thanks, -bryan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140825/0933ebba/attachment.html>