Hello Cyrille, El 11/04/24 a las 09:15, Cyrille Bollu escribió: > Why not using CVSS as a base calculation for assigning severity levels? > > IIRC, something like: > > CVSS>=8 => High > 4<=CVSS<8 => Medium > CVSS<4 => Low ... Thanks for the comment! I cannot talk for the security team, but I understand the security-tracker lacks a feature to record and rescore the CVSS (other than the additional work load on the teams). And I think that would be a requirement for calculating the severity based on CVSS. Cheers, -- Santiago
Attachment:
signature.asc
Description: PGP signature