Changing link filtering

Eric Christensen sparks at
Thu Nov 12 19:34:29 UTC 2015

On Thursday, November 12, 2015 01:21:24 PM David Cafaro wrote:
> The main reason I suggest changing our filter is that the Priority is
> likely something set according to the view of the developer/team in
> regards to how it fits into their overall work backlog.  The Severity is
> a rating based on how "bad" it is.  From a security perspective we may
> think of something as having a higher priority due to certain types of
> Severity vs the developers' Priority to working on the bug.

Yeah, that was my thinking in that severity was the impact of the 
vulnerability and priority was the priority of the fix to the devel team.  The 
automated tool uses the impact to set both fields but I think we should assume 
that the devel team might change the priority.

For our numbers, I think we should be using severity to note the impact.
