security team

greggles

Updating "criticality" levels to match scores

A while ago, after a lot of great research and work (mostly by Michael Hess), we rolled out a new style of scoring individual security advisories. The system is based on NIST's scoring at https://t.co/Pvhzn9CHP2

For example, a recent issue had a "score" of
7/25 AC:Basic/A:Admin/CI:None/II:None/E:Theoretical/TD:All

The score and coding are meant to explain the risk, but they're rather cryptic.

To try to be more "human friendly", we also still say things like "Highly Critical", "Less Critical" and "Not Critical".
