Posted by gettysburger on September 8, 2015 at 5:10pm
I am interested in learning about Drupal Security and appreciate the efforts of everyone on the Security Team. I am wondering what the best venue is to gain insight into how the team makes their decisions about what specific things trigger one level or another.
I am working on gaining an understanding of the NIST criteria, but was wondering if there is another venue I should be looking at for insight into the Security Team decisions.
Thanks!

Comments
You should be able to access our calculator tool at https://security.drupal.org/riskcalc . The scale is an adapted version of the NVD Common Vulnerability Scoring System. (https://nvd.nist.gov/cvss.cfm?calculator&version=2)
I'm working on a blog about the risk calculator! I'll post a link here when it's finished :-)
Looking forward to your blog.
Thanks. I really appreciate it. I don't have a deep security background but need to get up to speed. I appreciate help unpacking this.
Here's my blog about the Risk Calculator the security team uses to determine the "Security Risk" of security advisories:
http://mydropninja.com/blog/understanding-drupal-security-advisories-risk-calculator
I hope you find it useful!
Please comment on the blog if something is difficult to understand or you wish more information on a particular element was included, etc.
Thanks!
David.