canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
Security/RiskRatings: Difference between revisions
→What Scores Mean
No edit summary |
|||
| Line 55: | Line 55: | ||
== What Scores Mean == | == What Scores Mean == | ||
{| border="1" class="fullwidth-table" | {| border="1" class="fullwidth-table" | ||
| | |||
| align="center" style="background:#f0f0f0;"|'''Critical (100+)''' | | align="center" style="background:#f0f0f0;"|'''Critical (100+)''' | ||
| align="center" style="background:#f0f0f0;"|'''High (99-76)''' | | align="center" style="background:#f0f0f0;"|'''High (99-76)''' | ||
| align="center" style="background:#f0f0f0;"|'''Medium (75-26)''' | | align="center" style="background:#f0f0f0;"|'''Medium (75-26)''' | ||
| align="center" style="background:#f0f0f0;"|'''Low (25-0)''' | | align="center" style="background:#f0f0f0;"|'''Low (25-0)''' | ||
|- | |||
|Effort Estimation || 1 Month || 2 Weeks || 2 Days || <1 Day | |||
|- | |||
|Review Type || Group (Scheduled on SecReview Calendar) || Group (Scheduled on SecReview Calendar) || Individual Reviewer || Individual Reviewer | |||
|- | |||
|Required Documents from development team | |||
Architecture Diagram, | |||
Application Diagram, | |||
Data Flow Enumeration, | |||
Threat Model | |||
| | |||
Required at input | |||
Required at input | |||
Required at input | |||
Created during review with Security Lead | |||
| | |||
Created during review | |||
Created during review | |||
Created during review | |||
Created during review | |||
| | |||
None required, but may speed review | |||
| | |||
None required, but may speed review | |||
|- | |||
| How Documented || SecReview Wiki || SecReview Wiki || SecReview Wikie -or- in Secreview bug (with indidication of no-wiki) || In SecReview Bug | |||
|- | |- | ||
|} | |} | ||