(Originally published on my blog)
While doing some work around the SolarWinds hacks, I realized that there’s just no simple triage scale that we in the industry can use to simply and succinctly characterize the severity of hacks.
This is my proposal for a simple scale to enable simple but meaningful comparisons of the severity of hacks.
Since the most important thing in hacks is the spread and severity, the cancer staging system gives a good model for measuring these kinds of things so this is adapted from that.
Security and privacy professional. Making Awful News Just Bad™ Since 2001.