Sounds like a good idea. @Trevor would you like to create an issue and make a pull request?
On Thu, 7 Feb 2019, 02:11 Ian Stapleton Cordasco <graffatcolmin...@gmail.com wrote:

> We might want to explain this in the documentation
>
> Sent from my phone with my typo-happy thumbs. Please excuse my brevity
>
> On Wed, Feb 6, 2019, 20:10 Luke Hinds <lhi...@redhat.com wrote:
>
>> On Wed, Feb 6, 2019 at 11:56 PM Trevor Bidhadar <trevor.bidha...@securedecisions.com> wrote:
>>
>>> Hello,
>>>
>>> I am using Bandit and was wondering how do you define your severity and
>>> confidence levels? In other words, what makes a High severity a
>>> vulnerability High instead of Medium or Low? How do you define the
>>> confidence of the finding?
>>
>> It's based on OWASP's Risk Rating, see the following:
>>
>> https://www.owasp.org/index.php/OWASP_Risk_Rating#Step_4:_Determining_the_Severity_of_the_Risk
>>
>>> Thank you in advance for the information,
>>>
>>> Trevor Bidhadar
>>>
>>> (631)-759-3960
>>> *Project Coordinator*
>>> *Secure Decisions div. of Applied Visions, Inc.*
>>> *6 Bayview Avenue*
>>> *Northport, NY 11768*
>>> *www.SecureDecisions.com <http://www.securedecisions.com/>*
>>>
>>> _______________________________________________
>>> code-quality mailing list
>>> code-quality@python.org
>>> https://mail.python.org/mailman/listinfo/code-quality
>>
>> --
>> Luke Hinds | CTO Office | Red Hat
>> e: lhi...@redhat.com | irc: lhinds @freenode | t: +44 12 52 36 2483