canmove, Confirmed users
637
edits
Security Severity Ratings/Client: Difference between revisions
updated description and examples for 'sec-other'
(removing secopstype keyword section: it was moved to the "web" keywords page) |
(updated description and examples for 'sec-other') |
||
| Line 81: | Line 81: | ||
|- | |- | ||
| | | | ||
;'''sec-other''': sec-other is | ;'''sec-other''': sec-other is used for bugs that are not themselves exploitable security issues but may contain information about other security-sensitive issues that needs to be kept confidential. Note: if the private information is not related to security issues the bug should use "employee confidential" or some other group instead of "security-sensitive" | ||
{| class="wikitable collapsible " style="width: 100%" | {| class="wikitable collapsible " style="width: 100%" | ||
! ''sec-other Examples:'' | ! ''sec-other Examples:'' | ||
| Line 87: | Line 87: | ||
| | | | ||
* Gaps in fuzzing coverage to be addressed | * Gaps in fuzzing coverage to be addressed | ||
* | * Meta bugs tracking a group of related security issues | ||
* A non-security bug where an independent security issue was discovered during the investigation. The separate security issue should be addressed in a new bug, but the original issue needs to remain hidden until the security issue is resolved. | |||
|} | |} | ||
;'''sec-audit''': Bugs marked sec-audit are typically for tasks to investigate a particular component of concern, or pattern of concern. It should NEVER be used for an actual, identified vulnerability. Either a sec-audit bug should cause additional bugs to be opened for specific instances, or a specific bug should cause a sec-audit bug to be opened for investigating variants of the original. | ;'''sec-audit''': Bugs marked sec-audit are typically for tasks to investigate a particular component of concern, or pattern of concern. It should NEVER be used for an actual, identified vulnerability. Either a sec-audit bug should cause additional security bugs to be opened for specific instances, or a specific bug should cause a sec-audit bug to be opened for investigating variants of the original. | ||
{| class="wikitable collapsible " style="width: 100%" | {| class="wikitable collapsible " style="width: 100%" | ||
! ''sec-audit Examples:'' | ! ''sec-audit Examples:'' | ||