Security Severity Ratings: Difference between revisions

(Add scary crashes to the list of sg:critical examples)
If there are mitigating circumstances that severely reduce the effectiveness of the exploit, then the rating could be reduced by one level of severity. Examples of mitigating circumstances include difficulty in reproducing the bug due to very specific timing or load-order requirements, a complex or unusual set of actions the user would have to take beyond normal browsing behavior, or an unusual software configuration.


As a rough guide, to be considered for a reduction in severity an exploit should execute successfully less than 10% of the time. If measures can be taken to improve the reliability of the exploit to over 10% (for example, by combining it with other existing bugs or techniques), then it should not be considered mitigated.


==Additional Security Status Codes==