Severity levels
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 19 Dec 2022 18:13:28 +0100 (CET)
Hello,

In the curl security team we assign "severity" to reported security
vulnerabilities and we have chosen to explicitly opt out from using any form of
numerical scoring. We use Low, Medium, High and Critical.

This system has not been properly documented, and I want to improve this and I
have therefore tried to draft a first version trying to explain how we reason
when setting the severities we do. Usually of course basing our judgement on
how we decided for previous issues.

The descriptions for the various levels are fairly vague right now, but I am
not sure we can make them very specific. I have looked at how they are defined
in other projects and I have not found a set that I wanted to copy and use
"wholesale".

Thoughts and improvements welcome!

https://github.com/curl/curl/pull/10118
--

  / daniel.haxx.se
  | Commercial curl support up to 24x7 is available!
  | Private help, bug fixes, support, ports, new features
  | https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.se/mail/etiquette.html

Received on 2022-12-19