Thanks for all your comments. The guidelines are now posted at: http://dev.chromium.org/developers/severity-guidelines
Adam On Thu, May 7, 2009 at 11:41 PM, Adam Barth <aba...@chromium.org> wrote: > Recently some folks have asked how we decide what severity to rate > each security vulnerability. Thus far, we've mostly been using an > informal process, but it seemed like a good idea to spell out our > policy publicly. Below is a draft of some guidelines for assigning > severities to security issues. Please let me know if you have any > feedback. Once the draft stabilizes, we'll find a home for the > guidelines on dev.chromium.org. > > http://docs.google.com/Doc?id=dd4p8wc4_11cxwzfqfm > > This document is heavily influenced by Mozilla's guidelines for rating > security vulnerabilities, which you can find at > <https://wiki.mozilla.org/Security_Severity_Ratings>. The main > difference is that the above document explains how the severity of > security issues interacts with the sandbox. > > Thanks! > Adam > --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---