Feature: OWASP Risk Rating of the issue.
⭐ Feature request
📋 Short description
Feature: OWASP Risk Rating of the issue.
📋 Full description
Please implement the possibility to include an OWASP risk rating in the issue. CVSS is too generic (wide). OWASP provides better granularity in some cases. So, it would be nice to support both evaluations.
My proposal is in https://gitlab.com/e348/pcf/-/tree/owasp-risk-rating. It uses a new DB table to store the values, generates the risk vector together with changes and of course supports updates and removals. I have not enhanced the issue templates yet.
From my point of view, the reporting feature might be enhanced to include: overall evaluation, likelihood score, impact score, and risk vector. It would also be nice to include a chart similar to:
👍 Advantages
- Another option to evaluate the vulnerability
- An important portion of web application pentests is done according to the OWASP WSTG, so OWASP's risk rating is natural
ℹ️ Useful information
In my implementation, I utilized this: https://github.com/JavierOlmedo/OWASP-Calculator
🔗 Links
https://owasp.org/www-community/OWASP_Risk_Rating_Methodology
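
An added example, not part of the original issue or the linked branch: a Python sketch that validates a risk vector before it is stored and derives the likelihood score, impact score and overall evaluation named in the request. The vector layout and factor abbreviations are assumed to follow the linked OWASP-Calculator, averaging all eight impact factors is a simplification chosen for this example, and the function names are hypothetical.

```python
import re

# Assumed factor abbreviations: eight likelihood factors, then eight impact factors.
LIKELIHOOD = ("SL", "M", "O", "S", "ED", "EE", "A", "ID")
IMPACT = ("LC", "LI", "LAV", "LAC", "FD", "RD", "NC", "PV")
ALL_FACTORS = LIKELIHOOD + IMPACT

# Overall severity matrix of the methodology: SEVERITY[impact_level][likelihood_level].
SEVERITY = {
    "LOW": {"LOW": "NOTE", "MEDIUM": "LOW", "HIGH": "MEDIUM"},
    "MEDIUM": {"LOW": "LOW", "MEDIUM": "MEDIUM", "HIGH": "HIGH"},
    "HIGH": {"LOW": "MEDIUM", "MEDIUM": "HIGH", "HIGH": "CRITICAL"},
}

def level(score):
    """Map a 0-9 score to its band: below 3 LOW, below 6 MEDIUM, otherwise HIGH."""
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"

def parse_vector(vector):
    """Parse '(SL:1/M:4/...)' into {factor: int}; reject malformed or partial input."""
    body = vector.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    factors = {}
    for part in body.split("/"):
        m = re.fullmatch(r"([A-Z]+):([0-9])", part.strip())
        if not m:
            raise ValueError(f"malformed component: {part!r}")
        name, value = m.group(1), int(m.group(2))
        if name not in ALL_FACTORS or name in factors:
            raise ValueError(f"unknown or duplicate factor: {name}")
        factors[name] = value
    missing = [name for name in ALL_FACTORS if name not in factors]
    if missing:
        raise ValueError(f"missing factors: {missing}")
    return factors

def rate(vector):
    """Return both scores, their bands and the overall severity for a vector."""
    f = parse_vector(vector)
    likelihood = sum(f[k] for k in LIKELIHOOD) / len(LIKELIHOOD)
    impact = sum(f[k] for k in IMPACT) / len(IMPACT)
    l_level, i_level = level(likelihood), level(impact)
    return {"likelihood": likelihood, "likelihood_level": l_level,
            "impact": impact, "impact_level": i_level,
            "severity": SEVERITY[i_level][l_level]}

# Constructed sample vector, not taken from any real finding.
SAMPLE = "(SL:5/M:4/O:7/S:6/ED:7/EE:5/A:6/ID:8/LC:7/LI:5/LAV:1/LAC:7/FD:3/RD:4/NC:5/PV:5)"
```

Rejecting unknown, duplicate or missing factors at parse time keeps a stored vector and its displayed scores from drifting apart when an issue is updated.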


