Docker.github.io: What are the rules that label vulnerabilities as critical, major, or minor?

Created on 29 Apr 2017 · 5 Comments · Source: docker/docker.github.io

File: docker-cloud/builds/image-scan.md, CC @londoncalling

All 5 comments

/cc @NathanMcCauley @toli

/cc @amegianeg

I'm sorry @londoncalling, but I do not know anything about Nautilus. I guess @toli can help.

Hey all, the vulnerability scores (a.k.a. CVSS) are defined by the entity that issues the vulnerability (one example is NVD: https://nvd.nist.gov)

We follow the severity range from here: https://www.first.org/cvss/specification-document#5-Qualitative-Severity-Rating-Scale
which is:
None: 0.0
Low/Minor: 0.1-3.9
Medium/Major: 4.0-6.9
High/Critical: 7.0-8.9
Critical: 9.0-10.0
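
The mapping above, worked through in code so the boundaries are explicit. This is an added example, not code from Docker's image scanner or from anyone in this thread; the finding format, the `unscored` handling and the `passes_policy` helper are assumptions for illustration. The label mapping follows the comment's reading of the FIRST scale: Low is minor, Medium is major, and both High and Critical surface as critical.

```python
"""Classify CVSS base scores with the FIRST qualitative severity scale and
the minor/major/critical labels described in the thread.

Added example, not Docker's scanner code. The finding dict layout, the
'unscored' label and the policy helper are assumptions for illustration.
"""

from collections import Counter

# FIRST CVSS v3 Qualitative Severity Rating Scale: (inclusive upper bound, rating).
FIRST_SCALE = (
    (0.0, "None"),
    (3.9, "Low"),
    (6.9, "Medium"),
    (8.9, "High"),
    (10.0, "Critical"),
)

# Label per FIRST rating, following the mapping given in the comment above:
# Low -> minor, Medium -> major, both High and Critical -> critical.
DOCKER_LABEL = {
    "None": "none",
    "Low": "minor",
    "Medium": "major",
    "High": "critical",
    "Critical": "critical",
}

# Severity order used by the policy check (assumed, not from the page).
# A finding with no score yet ranks like critical so it fails closed.
LABEL_RANK = {"none": 0, "minor": 1, "major": 2, "critical": 3, "unscored": 3}


def first_rating(score):
    """Return the FIRST qualitative rating for a CVSS base score (0.0-10.0)."""
    score = float(score)
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    for upper, rating in FIRST_SCALE:
        if score <= upper:
            return rating
    raise AssertionError("unreachable: score validated above")


def docker_label(score):
    """Map a CVSS base score to a scan label.

    None (the issuer has not scored the vulnerability yet) is reported as
    'unscored' rather than silently treated as 0.0 / none.
    """
    if score is None:
        return "unscored"
    return DOCKER_LABEL[first_rating(score)]


def summarize(findings):
    """Count findings per label. Each finding is a dict with 'id' and 'cvss'."""
    return Counter(docker_label(f.get("cvss")) for f in findings)


def passes_policy(findings, max_allowed="major"):
    """True if no finding is more severe than max_allowed (unscored fails)."""
    limit = LABEL_RANK[max_allowed]
    return all(LABEL_RANK[docker_label(f.get("cvss"))] <= limit for f in findings)


# Constructed sample scan result; scores chosen to sit on the boundaries.
SAMPLE_FINDINGS = [
    {"id": "EXAMPLE-0001", "cvss": 0.0},
    {"id": "EXAMPLE-0002", "cvss": 3.9},
    {"id": "EXAMPLE-0003", "cvss": 4.0},
    {"id": "EXAMPLE-0004", "cvss": 6.9},
    {"id": "EXAMPLE-0005", "cvss": 7.0},
    {"id": "EXAMPLE-0006", "cvss": 9.8},
    {"id": "EXAMPLE-0007", "cvss": None},
]

if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        print(f["id"], f["cvss"], docker_label(f["cvss"]))
    print(dict(summarize(SAMPLE_FINDINGS)))
    print("policy (max major):", passes_policy(SAMPLE_FINDINGS))
```

Two practical points the scale alone does not settle: the upper bounds are inclusive, so 3.9 is still minor and 4.0 is already major, and a vulnerability the issuer has not scored yet has no CVSS value at all, which a gate should treat as a failure rather than as a score of 0.0.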

Thanks @venalen I'll add some of this clarification information to the docs.
