Hi!

Is there any standard format for reporting and analysing the security problems of an application? Or does it depend on the application type?

I have published the security auditing report in the following format:

---------------------------------------------------------
Filename/bugs                 Existence/exploit possibility   Severity/impact of bug
File1   User Authentication   1                               2
...     ..                    ..                              ..
------------------------------------------------------------

Conventions:

Existence/Exploit possibility:
0 – Doesn’t exist
1 – Exists but impossible to exploit
2 – Exists but difficult to exploit
3 – Exploitable

Severity/Impact of bug:
0 – No harm
1 – May allow one user to read/write other user’s resource
2 – May allow one user to read/write/execute system’s privileged resource.

Is that okay?

Thanks.

Best regards,
Sandeep Giri
This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 13:06:28 PST