Changes between Version 6 and Version 7 of org/teams/NetworkTeam/SecurityPolicy


Ignore:
Timestamp:
Mar 20, 2018, 12:02:43 PM (12 months ago)
Author:
nickm
Comment:

Be more explicit about flexibility in levels.

Legend:

Unmodified
Added
Removed
Modified
  • org/teams/NetworkTeam/SecurityPolicy

    v6 v7  
    121121Some bugs affect Tor, but are '''upstream bugs''', not bugs in Tor itself: they include bugs in external libraries, like OpenSSL, Libevent, or zlib; bugs in an operating system's kernel; or bugs in upstream Firefox affecting TorBrowser. When we become aware of an "upstream" issue like this, we will coordinate with the upstream developers to find and deploy an appropriate fix, in accordance with their own security processes.
    122122
    123 Finally, ''the above categories are approximation only''; difficulty of exploitation and other public factors may increase or decrease the security of an issue.
     123Finally, ''the above categories are approximation only''; difficulty of exploitation, degree of impact, rarity of configuration, and other public factors may increase or decrease the security of an issue.
    124124
    125125[TODO: Compare the above list with the categories in our bug bounty program.]