The Risk Metrics Budgetary Scoring System (RMBSS™) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities in a meaningful way to security managers using creative methodologies that maximize budget requests. Its qualitative model ensures repeatable pseudo-accurate measurement while enabling users to see creative underlying vulnerability characteristics and hypothetical risk factors that can be easily projected. RMBSS is well suited as a standard measurement system for industries, organizations, and governments that need accurate and consistent overstated metrics. Two common uses of RMBSS are prioritization of monetary allocation - and the calculation of a creative projected impact analysis accrued from lack of adequate security funding. The RBMSSDB provides escalated and finely tuned scores for almost all projects.

Quantitative Mode Qualitative mode
  • Social facts have an objective reality - our own 
  • Primacy of methods and madness 
  • Variables can be identified and relationships measured however we'd like 
  • Etic (outsider's point of view)
  • Reality is socially constructed - we're all robots 
  • Primacy of subject matter endpoint tilde 
  • Variables are complex, interwoven, and difficult to measure 
  • Emic (insider's point of view)
  • Generalizability - Murphy's Law 
  • Prediction - Miss Cleo 
  • Causal explanations - Dog Ate My Homework 
  • Contextualization - We like big words 
  • Interpretation - Rules by Terms of Svce agreements 
  • Understanding actors' perspectives - We sure like that Angelina
  • Begins with hypotheses and theories (conspiracies included)
  • Manipulation and control - Missionary is not an option 
  • Uses formal instruments - What the hey, they're there 
  • Experimentation - Timothy Leary 
  • Deductive 
  • Component analysis 
  • Seeks consensus, the norm 
  • Reduces data to numerical indices 
  • Abstract language in write-up
  • Ends with hypotheses and grounded theory - To be or not to be 
  • Emergence and portrayal - Missionary only thank you 
  • Researcher as instrument - John just said... 
  • Naturalistic - Mary Jane 
  • Inductive 
  • Searches for patterns - There is no Chaos 
  • Seeks pluralism, complexity - so many numbers so little time 
  • Makes minor use of numerical indices - might be overkill 
  • Descriptive write-up - This is sure to get me big bucks
Researcher Role
  • Detachment and impartiality - wham bam thank you maam 
  • Objective portrayal - Was so hot
Researcher Role
  • Personal involvement and partiality - Will you call me tomorrow? 
  • Empathic understanding - I think I'm in love

In particular, RBMSSDB supports many of the mature and existing databases such as CVSS, OSVDB. We do not currently provide 'temporal scores' (scores that change over time due to events external to the vulnerability). However, RBMSS does provide a RBMSSDB score calculator to allow you to adjust and add creative data, even calculate creative environmental scores (scores customized to reflect the impact of the damage on your organization). This calculator contains support for U.S. government agencies to customize vulnerability impact scores based on FIPS 199 System ratings. It also allows for "Creative Unique Network Threat" modeling. Just plug in the country of choice where you want the threat to appear from and it will be generated for you. Blame anyone and everyone including China. The calculator in principle was derived on a reversal of Occam's Razor (ROR) using a multivariate analysis along with random probability theory to enforce and maximize budget requests. Our ROR makes your ROR (rate of return) actionable.

RMBSS furthers the security industry with the introduction of the CRAP™ framework - Creative Risk Analysis Projections. A synergy of risk analysis and creative security postulations. Using the CRAP framework, security professionals leverage existing perpendicularly vertical forward facing technologies into a cloud of defining security paradigms. Focused completely on security and information assurance, CRAP is the revolutionary next generation phase in information security frameworks. CRAP + CUNT = Greater Security.

Access Vector				[Local and Remote + Mental]   
Access Complexity			[Low (kindergartners have exploited]    
Authentication				[Compromised]    
Confidentiality Impact			[Complete]
Integrity Impact			[Complete]
Availability Impact			[Complete]
Kaminksi Factor				[Complete]
Metasploit Factor			[Completed before the exploit]
Ha.Ckers.org Factor			[Already blogged]
Mountain Dew Vector			[Shortage noticed in San Jose]

Exploitability				[Being Sold on eBay]
Remediation Level			[Tylenol]
Report Confidence			[Confirmed]
Mountain Dew Factor			[Shortage Confirmed]
WWDKS (what would Dan Kaminski Say?)	[Declined Comment]

The base vector for this vulnerability is therefore: AV:LRM/AC:L/Au:C/C:C/I:C/A:C/KF:C/MF:C/H.C.O:AB/MD:S

Further information on RMBSS, CRAP, CUNT will follow after our initial rounds of layoffs. Stay tuned.