From 03ff9a601b0c0ee5048586fb82548ac02ec9af1d Mon Sep 17 00:00:00 2001 From: anonimal Date: Thu, 15 Feb 2018 08:46:11 +0000 Subject: [PATCH] VRP: clarify definition of LOW severity vulnerability --- VULNERABILITY_RESPONSE_PROCESS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VULNERABILITY_RESPONSE_PROCESS.md b/VULNERABILITY_RESPONSE_PROCESS.md index 8000b17..9eb89a1 100644 --- a/VULNERABILITY_RESPONSE_PROCESS.md +++ b/VULNERABILITY_RESPONSE_PROCESS.md @@ -75,7 +75,7 @@ PGP fingerprint = 1218 6272 CD48 E253 9E2D D29B 66A7 6ECF 9144 09F1 6. Establish severity of vulnerability: - a. HIGH: impacts network as a whole, has potential to break entire monero/kovri network, results in the loss of monero, or is on a scale of great catastrophe - b. MEDIUM: impacts individual nodes, routers, wallets, or must be carefully exploited - - c. LOW: is not easily exploitable + - c. LOW: is not easily exploitable or is low impact - d. If there are any disputes regarding bug severity, the Monero Response team will ultimately define bug severity 7. Respond according to the severity of the vulnerability: