/
Severity Definitions
Severity Definitions
- Himanshu Dwivedi
- Alaina Nilsson
- B.J. Orvis
Owned by Himanshu Dwivedi
Severity Definitions:
| Title | Description |
|---|---|
| High | The type of data exposed is considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure will lead to brand/reputational damage, compliance issues, and/or financial losses. |
| Medium | The type of data exposed may be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure may lead to brand/reputational damage, compliance issues, and/or financial losses. |
| Low | The type of data exposed could be considered regulated PII, PCI, PHI, PFI, Confidential, Sensitive, or Private. Further, the exposure could lead to brand/reputational damage, compliance issues, and/or financial losses. |
Exploit-ability Definitions:
| Title | Description |
|---|---|
| Easy | The data exposure is easy to exploit. |
| Moderate | The data exposure is moderately difficult to exploit. |
| Difficult | The data exposure is difficult to exploit. |
Priority Definitions:
P1 Issues are vulnerabilities that can allow a remote attacker to pull data from your application or the user's device or a vulnerability that could result in negative brand impact or press attention.
P2, P3, and P4 Issues are customer controlled, where the general SLAs are below:
| Title | Recommend SLA |
|---|---|
| P0 | 1 Day |
| P1 | Next Release |
P2 | 30 Days |
| P3 | 90 Days |
| P4 | 365 Days |
Related content
Data Type Descriptions
Data Type Descriptions
More like this
Status Defintions
Status Defintions
More like this
Technical Questions or False Positives
Technical Questions or False Positives
More like this