Commit 7503e79f authored by Kathy Wang

Merge branch 'remove-security-examples' into 'master'

Remove security examples

See merge request !15658
parents ece5cfe7 8d8526cc
Pipeline #33951134 passed with stages
in 26 minutes and 16 seconds
......@@ -348,33 +348,6 @@ incident that could result from this issue not being resolved.
`S4` may be used for issues not requiring mitigations, but may need to be
triaged as `~feature proposal`s as described under [labels](#labels-and-confidentiality).
#### More Risk Rating Examples
`S1`:
* Remote Code Execution (RCE)
* SQL Injection (SQLi)
* Authentication Bypass
* Authorization vulnerabilities that expose critical data (password hashes, repositories, tokens)
* While the above are possible examples of `S1`, the final determination for `S1` is determined by the impact to our users ( > 50% impacted)
`S2`:
* Cross-site Scripting (XSS)
* Authorization vulnerabilities that do not expose critical data
* Resource exhaustion denial-of-service (DoS)
* Cross-site Request Forgery (CSRF)
* While the above are possible examples of `S2`, the final determination for `S2` is determined by the impact to our users (between 25-50% impacted)
`S3`:
* Tab nabbing
* Race conditions that do not put user data in jeopardy
* Path disclosure
* While the above are possible examples of `S3`, the final determination for `S3` is determined by the impact to our users (up to 25% impacted)
`S4`:
* Implement new security feature
* Remove support for deprecated protocol
* While the above are possible examples of `S4`, the final determination for `S4` is determined by the impact to our users (zero impact to users)
## Internal Application Security Reviews
For systems built (or significantly modified) by functional groups that house customer and other sensitive data, the Security Team should perform applicable application security reviews to ensure the systems are hardened.
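Review bot: dropping the whole "More Risk Rating Examples" section also removes the only place the user-impact thresholds for each severity are stated (`S1` > 50% impacted, `S2` 25-50%, `S3` up to 25%, `S4` zero impact), and the surviving text immediately above still references `S4` as if the scale were defined. Even if the vulnerability-class bullet lists are being retired, consider keeping a short definition of the four levels by impact, e.g. "`S1`: final determination is determined by the impact to our users ( > 50% impacted)", or point to wherever that guidance now lives; the commit message "Remove security examples" gives no rationale for the removal.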