Reply to post:

We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?


Simple answer, because a score from 1-10 is easy for most people to understand. It may not be the best method but telling people there is a severity 9 bug they need to plug (i.e. upgrade software) is going to be a lot more effective than (e.g.) a 14R8 level bug.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon