I have both done pentests and received pentest reports. My observation is that the perceived severity often varies between the tester and the customer.

  • slazer2au@lemmy.world
    7 months ago

    Even the potential threat wank they add to low severity stuff is ridiculous.

    Finding: device responding to ping requests.
    Severity: Low.
    Threat: Using timing attacks and response analysis, an attacker could derive the device's operating system.