Severity Definitions
Severity Definitions:
Title | Description |
---|---|
High | The type of data exposed is considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure will lead to brand/reputational damage, compliance issues, and/or financial losses. |
Medium | The type of data exposed may be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure may lead to brand/reputational damage, compliance issues, and/or financial losses. |
Low | The type of data exposed could be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure could lead to brand/reputational damage, compliance issues, and/or financial losses. |
Exploitability Definitions:
Title | Description |
---|---|
Easy | The data exposure is easy to exploit. |
Moderate | The data exposure is moderately difficult to exploit. |
Difficult | The data exposure is difficult to exploit. |
Priority Definitions:
P1 issues are vulnerabilities that can allow a remote attacker to pull data from your application or the user's device, or vulnerabilities that could result in negative brand impact or press attention.
P2, P3, and P4 issues are customer controlled. The general SLAs are below:
Title | Recommended SLA |
---|---|
P0 | 1 Day |
P1 | Next Release |
P2 | 30 Days |
P3 | 90 Days |
P4 | 365 Days |