Severity Definitions:
| Title | Description |
|---|---|
| High | The type of data exposed is considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure will lead to brand/reputational damage, compliance issues, and/or financial losses. |
| Medium | The type of data exposed may be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure may lead to brand/reputational damage, compliance issues, and/or financial losses. |
| Low | The type of data exposed could be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure could lead to brand/reputational damage, compliance issues, and/or financial losses. |
Exploit-ability Definitions:
| Title | Description |
|---|---|
| Easy | The data exposure is easy to exploit. |
| Moderate | The data exposure is moderately difficult to exploit. |
| Difficult | The data exposure is difficult to exploit. |
Priority Definitions:
P1 Issues are vulnerabilities that can allow a remote attacker to pull data from your application or the user's device or an vulnerability that would be embarrassing to your organization.
P2, P3, and P4 Issues are customer controlled, where the general SLAs are below:
| Title | Recommend SLA |
|---|---|
| P0 | 1 Day |
| P1 | Next Release |
P2 | 30 Days |
| P3 | 90 Days |
| P4 | 365 Days |