We might want to explain this in the documentation.

Sent from my phone with my typo-happy thumbs. Please excuse my brevity

On Wed, Feb 6, 2019, 20:10 Luke Hinds <lhinds@redhat.com> wrote:

On Wed, Feb 6, 2019 at 11:56 PM Trevor Bidhadar <Trevor.Bidhadar@securedecisions.com> wrote:
Hello,
I am using Bandit and was wondering how you define your severity and confidence levels? In other words, what makes a High severity vulnerability High instead of Medium or Low? How do you define the confidence of the finding?
It's based on OWASP's Risk Rating, see the following:
https://www.owasp.org/index.php/OWASP_Risk_Rating#Step_4:_Determining_the_Se...
Thank you in advance for the information,
Trevor Bidhadar
(631)-759-3960
*Project Coordinator*
*Secure Decisions div. of Applied Visions, Inc.*
*6 Bayview Avenue*
*Northport, NY 11768*
*www.SecureDecisions.com <http://www.securedecisions.com/>*
_______________________________________________
code-quality mailing list
code-quality@python.org
https://mail.python.org/mailman/listinfo/code-quality
--
Luke Hinds | CTO Office | Red Hat
e: lhinds@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483