On Wed, Feb 6, 2019 at 11:56 PM Trevor Bidhadar <trevor.bidha...@securedecisions.com> wrote:

> Hello,
>
> I am using Bandit and was wondering how you define your severity and
> confidence levels? In other words, what makes a vulnerability High
> severity instead of Medium or Low? How do you define the confidence of
> the finding?
>

It's based on OWASP's Risk Rating, see the following:

https://www.owasp.org/index.php/OWASP_Risk_Rating#Step_4:_Determining_the_Severity_of_the_Risk



> Thank you in advance for the information,
>
> Trevor Bidhadar
>
> (631)-759-3960
> Project Coordinator
> Secure Decisions div. of Applied Visions, Inc.
> 6 Bayview Avenue
> Northport, NY 11768
> www.SecureDecisions.com <http://www.securedecisions.com/>
>
> _______________________________________________
> code-quality mailing list
> code-quality@python.org
> https://mail.python.org/mailman/listinfo/code-quality
>


-- 
Luke Hinds  | CTO Office | Red Hat
e: lhi...@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
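As an added illustration of the OWASP Risk Rating step the reply links to (this is not code from Bandit or from the thread): likelihood and impact are each the average of factor scores rated 0 to 9, bucketed as LOW (below 3), MEDIUM (3 to below 6) or HIGH (6 to 9), and the pair is looked up in the overall-severity matrix. The factor values used below are constructed for the example.

```python
from statistics import mean

# OWASP Risk Rating, step 4: bucket a 0-9 average into LOW / MEDIUM / HIGH.
def bucket(score):
    if not 0 <= score <= 9:
        raise ValueError("factor scores are rated 0 to 9")
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"

# Overall severity matrix from the OWASP methodology, indexed [impact][likelihood].
SEVERITY = {
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
}

def rate(likelihood_factors, impact_factors):
    """Return (likelihood bucket, impact bucket, overall severity)."""
    likelihood = bucket(mean(likelihood_factors))
    impact = bucket(mean(impact_factors))
    return likelihood, impact, SEVERITY[impact][likelihood]

# Constructed example: the eight likelihood factors (threat agent + vulnerability)
# and the eight impact factors (technical + business) for a hypothetical finding.
EXAMPLE_LIKELIHOOD = [6, 6, 5, 9, 7, 9, 7, 9]  # mean 7.25 -> HIGH
EXAMPLE_IMPACT = [7, 7, 5, 7, 7, 5, 2, 2]      # mean 5.25 -> MEDIUM

if __name__ == "__main__":
    print(rate(EXAMPLE_LIKELIHOOD, EXAMPLE_IMPACT))  # ('HIGH', 'MEDIUM', 'High')
```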