Confirmed users
133
edits
Security/Web Bug Rotation: Difference between revisions
→Process
| Line 37: | Line 37: | ||
#* '''INVALID''' | #* '''INVALID''' | ||
## Resolve bug as invalid | ## Resolve bug as invalid | ||
Proposed enhancement to the process: | |||
# For NEW issues assigneee should use Minion (or one of its supported tools directly) to determine if the vulnerability should have been found by those tools on the default settings. | |||
# Assignee should record: | |||
## If the security tools supported by Minion could have found the bug automatically | |||
## If not, could they be easily changed to find the bug | |||
## If we think other tools could have found it that Minion doesnt currently support - these could either be specific tools or classes of tools (like static code analysers) | |||
# This information is currently being recorded here: https://mana.mozilla.org/wiki/display/SECURITY/AppSec+Web+Bug+Reviews but we may change to record it in Bugzilla | |||