Sounds like a good idea. @Trevor would you like to create an issue and make a pull request?
On Thu, 7 Feb 2019, 02:11 Ian Stapleton Cordasco <[email protected]> wrote:

> We might want to explain this in the documentation
>
> Sent from my phone with my typo-happy thumbs. Please excuse my brevity
>
> On Wed, Feb 6, 2019, 20:10 Luke Hinds <[email protected]> wrote:
>
>> On Wed, Feb 6, 2019 at 11:56 PM Trevor Bidhadar <[email protected]> wrote:
>>
>>> Hello,
>>>
>>> I am using Bandit and was wondering how do you define your severity and
>>> confidence levels? In other words, what makes a High severity a
>>> vulnerability High instead of Medium or Low? How do you define the
>>> confidence of the finding?
>>
>> It's based on OWASP's Risk Rating, see the following:
>>
>> https://www.owasp.org/index.php/OWASP_Risk_Rating#Step_4:_Determining_the_Severity_of_the_Risk
>>
>>> Thank you in advance for the information,
>>>
>>> Trevor Bidhadar
>>>
>>> (631)-759-3960
>>>
>>> *Project Coordinator*
>>>
>>> *Secure Decisions div. of Applied Visions, Inc.*
>>>
>>> *6 Bayview Avenue*
>>>
>>> *Northport, NY 11768*
>>>
>>> *www.SecureDecisions.com <http://www.securedecisions.com/>*
>>>
>>> _______________________________________________
>>> code-quality mailing list
>>> [email protected]
>>> https://mail.python.org/mailman/listinfo/code-quality
>>
>> --
>> Luke Hinds | CTO Office | Red Hat
>> e: [email protected] | irc: lhinds @freenode | t: +44 12 52 36 2483
