Thanks.  Fixed.

Adam


On Fri, May 8, 2009 at 11:42 AM, Ian Fette <i...@chromium.org> wrote:
> Nit: under High, " Additionally, we will usually rate issues that let an
> attacker execute arbitrary code in the sandbox as high because the sandbox
> limits the privileges of a compromised rendering engine."
> sandbox limits -> sandbox is designed to limit. (Lawyers are rubbing off on
> me.)
>
> 2009/5/7 Adam Barth <aba...@chromium.org>
>>
>> Recently some folks have asked how we decide what severity to rate
>> each security vulnerability.  Thus far, we've mostly been using an
>> informal process, but it seemed like a good idea to spell out our
>> policy publicly.  Below is a draft of some guidelines for assigning
>> severities to security issues.  Please let me know if you have any
>> feedback.  Once the draft stabilizes, we'll find a home for the
>> guidelines on dev.chromium.org.
>>
>> http://docs.google.com/Doc?id=dd4p8wc4_11cxwzfqfm
>>
>> This document is heavily influenced by Mozilla's guidelines for rating
>> security vulnerabilities, which you can find at
>> <https://wiki.mozilla.org/Security_Severity_Ratings>.  The main
>> difference is that the above document explains how the severity of
>> security issues interacts with the sandbox.
>>
>> Thanks!
>> Adam
>>

--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com 
View archives, change email options, or unsubscribe: 
    http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
