Error in the Risk Rating Methodology page #431
Comments
No, they’re fine; a skilled attacker is of greater risk.
Sorry for the insistence, but this is not a risk level; in fact, the risk is a value calculated at the end of the methodology. Here it is a matter of estimating the probability of success of the attack based on the knowledge required of the group of people attacking the system, so if the level required to attack the system is higher (skills that few people have), the probability of an attack is lower (hence level 1, for example), and vice versa. Or, something absolutely not to be excluded, I have misinterpreted it, and therefore the element should still be reformulated to make it more explicit and less subject to interpretation! Anyway, thanks @kingthorin! See also:
You’d have to look through the page history on wiki.OWASP.org and the testing mailing list; this has always been contentious.
We’ll remove this individual page and simply put in a redirect to the Risk Assessment Framework. It’s an active project and a more reasonable resource for the topic.
In the "Threat Agent Factors" chapter the "Skill Level" ratings are inverted:
Expected:
Presented: