Sounds like a good idea. @Trevor, would you like to create an issue and make a pull request?

On Thu, 7 Feb 2019, 02:11 Ian Stapleton Cordasco <graffatcolmingov@gmail.com> wrote:
We might want to explain this in the documentation

Sent from my phone with my typo-happy thumbs. Please excuse my brevity

On Wed, Feb 6, 2019, 20:10 Luke Hinds <lhinds@redhat.com> wrote:
On Wed, Feb 6, 2019 at 11:56 PM Trevor Bidhadar <Trevor.Bidhadar@securedecisions.com> wrote:

Hello,

I am using Bandit and was wondering how you define your severity and confidence levels? In other words, what makes a High severity vulnerability High instead of Medium or Low? How do you define the confidence of the finding?


It's based on OWASP's Risk Rating, see the following:


Thank you in advance for the information,

Trevor Bidhadar
(631)-759-3960
Project Coordinator
Secure Decisions div. of Applied Visions, Inc.
6 Bayview Avenue
Northport, NY 11768
www.SecureDecisions.com


_______________________________________________
code-quality mailing list
code-quality@python.org
https://mail.python.org/mailman/listinfo/code-quality


--
Luke Hinds  | CTO Office | Red Hat
e: lhinds@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
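The thread points at OWASP's Risk Rating Methodology without reproducing it, and Bandit's own rule is that every finding carries a severity and a confidence (each LOW, MEDIUM or HIGH) and that the `-l`/`-ll`/`-lll` and `-i`/`-ii`/`-iii` flags raise the severity and confidence thresholds below which findings are not reported. The following is an added example, not code from the thread or from Bandit: it reproduces OWASP's likelihood × impact matrix and a Bandit-style threshold filter over a constructed list of findings. The sample findings are made up for illustration (their ids and levels are modelled on Bandit's defaults, but nothing here is read from a real scan).

```python
"""Added example: OWASP Risk Rating matrix and Bandit-style threshold filtering.

Not part of the mailing-list thread and not Bandit's own code. Bandit's actual
per-check severity and confidence values are hardcoded in each plugin; this
module only shows how the two scales combine and how reporting thresholds
behave.
"""
from dataclasses import dataclass

LOW, MEDIUM, HIGH = "LOW", "MEDIUM", "HIGH"
RANK = {LOW: 1, MEDIUM: 2, HIGH: 3}

# OWASP Risk Rating Methodology: overall risk is derived from a likelihood
# estimate and an impact estimate. Rows are impact, columns are likelihood.
OWASP_RISK = {
    HIGH:   {LOW: "Medium", MEDIUM: "High",   HIGH: "Critical"},
    MEDIUM: {LOW: "Low",    MEDIUM: "Medium", HIGH: "High"},
    LOW:    {LOW: "Note",   MEDIUM: "Low",    HIGH: "Medium"},
}


def owasp_overall_risk(likelihood, impact):
    """Look up the overall risk for a (likelihood, impact) pair."""
    return OWASP_RISK[impact][likelihood]


@dataclass(frozen=True)
class Finding:
    """A Bandit-like finding: one severity level and one confidence level."""
    test_id: str
    severity: str
    confidence: str
    text: str


def passes_thresholds(finding, min_severity=LOW, min_confidence=LOW):
    """Mirror Bandit's reporting rule: a finding is shown only when both its
    severity and its confidence are at or above the chosen thresholds."""
    return (RANK[finding.severity] >= RANK[min_severity]
            and RANK[finding.confidence] >= RANK[min_confidence])


def filter_findings(findings, min_severity=LOW, min_confidence=LOW):
    """Return the findings that survive the given thresholds, in input order."""
    return [f for f in findings
            if passes_thresholds(f, min_severity, min_confidence)]


# Constructed sample findings (hypothetical; not output of a real scan).
SAMPLE_FINDINGS = [
    Finding("B101", LOW, HIGH, "Use of assert detected."),
    Finding("B301", MEDIUM, HIGH, "Pickle deserialization of untrusted data."),
    Finding("B602", HIGH, HIGH, "subprocess call with shell=True."),
    Finding("B105", LOW, MEDIUM, "Possible hardcoded password."),
]


if __name__ == "__main__":
    for likelihood in (LOW, MEDIUM, HIGH):
        for impact in (LOW, MEDIUM, HIGH):
            print(f"likelihood={likelihood:6} impact={impact:6} -> "
                  f"{owasp_overall_risk(likelihood, impact)}")
    # Equivalent of running bandit with -ll (severity >= MEDIUM).
    for f in filter_findings(SAMPLE_FINDINGS, min_severity=MEDIUM):
        print(f"{f.test_id} [{f.severity}/{f.confidence}] {f.text}")
```

The two scales are deliberately kept separate in the filter, as they are in Bandit: a high-severity finding the checker is unsure about (for example, a pattern match that may be a false positive) can be suppressed by raising the confidence threshold without hiding confident low-severity findings, and vice versa.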