We might want to explain this in the documentation

Sent from my phone with my typo-happy thumbs. Please excuse my brevity

On Wed, Feb 6, 2019, 20:10 Luke Hinds <lhi...@redhat.com> wrote:

> On Wed, Feb 6, 2019 at 11:56 PM Trevor Bidhadar <trevor.bidha...@securedecisions.com> wrote:
>
>> Hello,
>>
>> I am using Bandit and was wondering how you define your severity and
>> confidence levels. In other words, what makes a vulnerability's severity
>> High instead of Medium or Low? How do you define the confidence of the
>> finding?
>
> It's based on OWASP's Risk Rating, see the following:
>
> https://www.owasp.org/index.php/OWASP_Risk_Rating#Step_4:_Determining_the_Severity_of_the_Risk
>
>> Thank you in advance for the information,
>>
>> Trevor Bidhadar
>> (631)-759-3960
>> Project Coordinator
>> Secure Decisions div. of Applied Visions, Inc.
>> 6 Bayview Avenue
>> Northport, NY 11768
>> www.SecureDecisions.com <http://www.securedecisions.com/>
>
> --
> Luke Hinds | CTO Office | Red Hat
> e: lhi...@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483

_______________________________________________
code-quality mailing list
code-quality@python.org
https://mail.python.org/mailman/listinfo/code-quality