Confirmed users
81
edits
WebAppSec/Web App Severity Ratings: Difference between revisions
WebAppSec/Web App Severity Ratings (view source)
Revision as of 18:46, 12 August 2011
, 12 August 2011no edit summary
No edit summary |
|||
| Line 181: | Line 181: | ||
All confirmed vulnerabilities with the infrastructure should be filed as a bug under the Infrastructure Security Group and will be marked as either “Infrastructure Related" or "Security-Sensitive.” This will ensure that the bug isn't disclosed to the public and will be the initial stance on all events and vulnerabilities until a proper review of the bug is performed. | All confirmed vulnerabilities with the infrastructure should be filed as a bug under the Infrastructure Security Group and will be marked as either “Infrastructure Related" or "Security-Sensitive.” This will ensure that the bug isn't disclosed to the public and will be the initial stance on all events and vulnerabilities until a proper review of the bug is performed. | ||
<nowiki>Insert non-formatted text here</nowiki> | <nowiki>Insert non-formatted text here</nowiki> | ||
== Whiteboard Tags for Security Reviews == | |||
These are the work flow tags for the web security review process.<br> | |||
Status Tags | |||
* '''[pending secreview]''' - pending to be reviewed | |||
* '''[in-progress secreview]''' - it is currently being worked on | |||
* '''[completed secreview]''' - review completed | |||
<br>Waiting on tags | |||
* '''[waiting on code complete]''' - waiting for the code to be completed | |||
* '''[waiting on infra setup]''' - waiting on infrastructure to be setup | |||
= Opening Web Security Bugs = | = Opening Web Security Bugs = | ||