Confirm
717
edits
Changes
→Mitigating Circumstances
If there are mitigating circumstances that severely reduce the effectiveness of the exploit, then the exploit could be reduced by one level of severity. Examples of mitigating circumstances include difficulty in reproducing due to very specific timing or load order requirements, complex or unusual set of actions the user would have to take beyond normal browsing behaviors, or unusual software configuration.
As a rough guide, to be considered for reduction in severity an exploit should only be successful execute successfully less than 10% of the time to be considered for reduction in severity. If measures can be taken to improve the effectiveness reliability of the exploit to over 10% (by combining it with other existing bugs or techniques), then it should not be considered to be mitigated.
==Additional Security Status Codes==
