On Wed, Feb 6, 2019 at 11:56 PM Trevor Bidhadar <trevor.bidha...@securedecisions.com> wrote:
> Hello,
>
> I am using Bandit and was wondering how you define your severity and confidence levels. In other words, what makes a vulnerability's severity High instead of Medium or Low? How do you define the confidence of the finding?

It's based on OWASP's Risk Rating; see the following: https://www.owasp.org/index.php/OWASP_Risk_Rating#Step_4:_Determining_the_Severity_of_the_Risk

> Thank you in advance for the information,
>
> Trevor Bidhadar
> (631)-759-3960
> Project Coordinator
> Secure Decisions div. of Applied Visions, Inc.
> 6 Bayview Avenue
> Northport, NY 11768
> www.SecureDecisions.com
>
> _______________________________________________
> code-quality mailing list
> code-quality@python.org
> https://mail.python.org/mailman/listinfo/code-quality

--
Luke Hinds | CTO Office | Red Hat
e: lhi...@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483
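For readers who want to act on those levels once a scan has run: the script below is an added example, written for this page, not code from the thread above or from Bandit's own source. It reads a Bandit JSON report (the output of `bandit -f json`) and keeps only findings whose severity and confidence both reach a chosen minimum, which is what Bandit's `-l`/`-i` command-line flags do (repeat the flag to raise the threshold). The report excerpt is constructed for the example; the result field names (`issue_severity`, `issue_confidence`, `test_id`, `filename`, `line_number`) follow Bandit's JSON formatter, and the three ranked levels LOW, MEDIUM and HIGH are the ones Bandit assigns to both severity and confidence.

```python
import json

# Bandit's three ranked levels, used for both severity and confidence.
LEVELS = {"LOW": 0, "MEDIUM": 1, "HIGH": 2}


def rank(level):
    """Map a Bandit level name to its rank. Unknown values are rejected
    rather than silently treated as LOW, so a typo in a threshold cannot
    make a filter pass everything."""
    try:
        return LEVELS[level.upper()]
    except (KeyError, AttributeError):
        raise ValueError(f"unknown Bandit level: {level!r}")


def filter_results(report, min_severity="LOW", min_confidence="LOW"):
    """Return the findings in a parsed Bandit JSON report whose severity
    and confidence both meet the given minimums (the same semantics as
    `bandit -l`/`-i`: -ll means MEDIUM or higher, -lll means HIGH only)."""
    sev = rank(min_severity)
    conf = rank(min_confidence)
    return [
        r for r in report["results"]
        if rank(r["issue_severity"]) >= sev
        and rank(r["issue_confidence"]) >= conf
    ]


def summarize(results):
    """Count findings per (severity, confidence) pair for a quick triage view."""
    counts = {}
    for r in results:
        key = (r["issue_severity"], r["issue_confidence"])
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed excerpt of a `bandit -f json` report (sample data for this
# example, not real scanner output); only the fields used above are kept.
SAMPLE_REPORT = json.loads("""
{
  "results": [
    {"test_id": "B602", "test_name": "subprocess_popen_with_shell_equals_true",
     "issue_severity": "HIGH", "issue_confidence": "HIGH",
     "filename": "app/run.py", "line_number": 12,
     "issue_text": "subprocess call with shell=True identified, security issue."},
    {"test_id": "B311", "test_name": "blacklist",
     "issue_severity": "LOW", "issue_confidence": "HIGH",
     "filename": "app/token.py", "line_number": 7,
     "issue_text": "Standard pseudo-random generators are not suitable for security/cryptographic purposes."},
    {"test_id": "B608", "test_name": "hardcoded_sql_expressions",
     "issue_severity": "MEDIUM", "issue_confidence": "LOW",
     "filename": "app/db.py", "line_number": 40,
     "issue_text": "Possible SQL injection vector through string-based query construction."},
    {"test_id": "B105", "test_name": "hardcoded_password_string",
     "issue_severity": "LOW", "issue_confidence": "MEDIUM",
     "filename": "app/settings.py", "line_number": 3,
     "issue_text": "Possible hardcoded password: 'changeme'"}
  ]
}
""")


if __name__ == "__main__":
    # Equivalent of `bandit -ll -ii`: MEDIUM-or-higher on both axes.
    kept = filter_results(SAMPLE_REPORT, min_severity="MEDIUM", min_confidence="MEDIUM")
    for r in kept:
        print(f"{r['test_id']} {r['issue_severity']}/{r['issue_confidence']} "
              f"{r['filename']}:{r['line_number']}  {r['issue_text']}")
    print(summarize(SAMPLE_REPORT["results"]))
```

Severity and confidence are independent axes, so a gating policy usually sets both: a MEDIUM-severity finding reported with LOW confidence (the B608 string-built SQL above) is often a candidate for manual review rather than a build failure, while HIGH/HIGH findings are the ones worth breaking a pipeline on.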