You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#631 and #624 gives a basic documentation but there is scope for improvement.
Info about severity systems
Info about version_api (githubtagsapi, etc) and time traveling
Open a draft PR (preferably) or an issue when you start working on something so that the project direction is visible to everyone.
runserver with --insecure or DEBUG=True in settings for UI
Add this somewhere in readme: OWASP Top 10 2021 (https://owasp.org/Top10/)
A06:2021-Vulnerable and Outdated Components was previously titled Using Components with Known Vulnerabilities and is #1 Query cve-search' database for package vulnerabilities #2 in the industry survey, but also had enough data to make the Top 10 via data analysis. This category moves up from Collect vulnerabilities and package references from cve-search (and/or via4cve) #9 in 2017 and is a known issue that we struggle to test and assess risk. It is the only category not to have any CVEs mapped to the included CWEs, so a default exploit and impact weights of 5.0 are factored into their scores.
The text was updated successfully, but these errors were encountered:
#631 and #624 gives a basic documentation but there is scope for improvement.
A06:2021-Vulnerable and Outdated Components was previously titled Using Components with Known Vulnerabilities and is #1 Query cve-search' database for package vulnerabilities #2 in the industry survey, but also had enough data to make the Top 10 via data analysis. This category moves up from Collect vulnerabilities and package references from cve-search (and/or via4cve) #9 in 2017 and is a known issue that we struggle to test and assess risk. It is the only category not to have any CVEs mapped to the included CWEs, so a default exploit and impact weights of 5.0 are factored into their scores.
The text was updated successfully, but these errors were encountered: