Josh Grossman
Josh Grossman
Ok so how about: | # | Description | L1 | L2 | L3 | CWE | | :---: | :--- | :---: | :---: | :---: | :---: |...
Final proposal discussed with @elarlang. | # | Description | L1 | L2 | L3 | CWE | | :---: | :--- | :---: | :---: | :---: | :---:...
Let's discuss in #3201
@set-reminder @tghosth in 1 day to double check the reasoning behind this split but strongly consider re-connecting them and simplifying the requirement.
By nature, these requirements are probably better put into the proposed "architecture" section for V10 (discussed in #2173)
Ok @elarlang so my proposal: | # | Description | L1 | L2 | L3 | CWE | | :---: | :--- | :---: | :---: | :---: | :---:...
So I prefer that security is not the "Department of No", but rather the "Department of Yes, and...." or at least the "Department of Yes, but....". Hence, saying if you...
So should we change "risky" to "perform potentially dangerous operations" or "perform security sensitive operations"?
@elarlang I accept your point about risky which is why I suggested different potential wording above. Jim also makes good points about how to quantify. We could include Jim's point...
From your perspective, you would prefer to delete this requirement?