130
edits
User:Tritter/Working/Web Security Severity Ratings: Difference between revisions
Jump to navigation
Jump to search
User:Tritter/Working/Web Security Severity Ratings (view source)
Revision as of 15:18, 20 February 2020
, 20 February 2020→Severity Ratings
| Line 3: | Line 3: | ||
==Severity Ratings == | ==Severity Ratings == | ||
In all cases, the severity of server and web application bugs is dependent on the critically of the service and the value of the data that could be compromised. Thus while the table below provides <i>very</i> broad | In all cases, the severity of server and web application bugs is dependent on the [https://www.mozilla.org/en-US/security/bug-bounty/web-eligible-sites/|critically of the service] and the value of the data that could be compromised. Thus while the table below provides <i>very</i> broad guidelines, they cannot be directly used to determine the severity of a bug absent the consideration of the affected service. | ||
{| class="wikitable collapsible" style="width: 100%" | {| class="wikitable collapsible" style="width: 100%" | ||
| Line 11: | Line 11: | ||
The following items are keywords for the severity of an issue. | The following items are keywords for the severity of an issue. | ||
;'''sec-critical''': Critical vulnerabilities are urgent security issues that present an ongoing or immediate danger to | ;'''sec-critical''': Critical vulnerabilities are urgent security issues that present an ongoing or immediate danger to users of our services. Often-times there is no difference technically between a sec-critical and a sec-high, the difference is purely related to to the classification of the site and the risk to users. | ||
{| class="wikitable collapsible " style="width: 100%" | {| class="wikitable collapsible " style="width: 100%" | ||
! ''sec-critical Examples:'' | ! ''sec-critical Examples:'' | ||