Recently some folks have asked how we decide what severity to rate each security vulnerability. Thus far, we've mostly been using an informal process, but it seemed like a good idea to spell out our policy publicly. Below is a draft of some guidelines for assigning severities to security issues. Please let me know if you have any feedback. Once the draft stabilizes, we'll find a home for the guidelines on dev.chromium.org.
http://docs.google.com/Doc?id=dd4p8wc4_11cxwzfqfm This document is heavily influenced by Mozilla's guidelines for rating security vulnerabilities, which you can find at <https://wiki.mozilla.org/Security_Severity_Ratings>. The main difference is that the above document explains how the severity of security issues interacts with the sandbox. Thanks! Adam --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---
