Severity Definitions:
Title | Description |
---|---|
High | The type of data exposed is considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure will lead to brand/reputational damage, compliance issues, and/or financial losses. |
Medium | The type of data exposed may be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure may lead to brand/reputational damage, compliance issues, and/or financial losses. |
Low | The type of data exposed could be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure could lead to brand/reputational damage, compliance issues, and/or financial losses. |
Exploit-ability Definitions:
Title | Description |
---|---|
Easy | The data exposure is easy to exploit. |
Moderate | The data exposure is moderately difficult to exploit. |
Difficult | The data exposure is difficult to exploit. |
Priority Definitions:
P1 Issues are vulnerabilities that can allow a remote attacker to pull data from your application or the user's device or a vulnerability that could result in negative brand impact or press attention.
P2, P3, and P4 Issues are customer controlled, where the general SLAs are below:
Title | Recommend SLA |
---|---|
P0 | 1 Day |
P1 | Next Release |
P2 | 30 Days |
P3 | 90 Days |
P4 | 365 Days |