diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-06-25 20:50:42 -0600 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2014-06-25 20:50:42 -0600 |
| commit | 7bcfbf8e3d831c1d26f4dea34a2bcf6427c7d481 (patch) | |
| tree | 230294ac0364687330cc71b23536c7f8d07a20e6 /docs/limitations.rst | |
| parent | 1cf0046789a1aeca1fd8b1da89488986f2539566 (diff) | |
| parent | 993d8479de8e02ec1b87be65c2214c784046be34 (diff) | |
| download | cryptography-7bcfbf8e3d831c1d26f4dea34a2bcf6427c7d481.tar.gz cryptography-7bcfbf8e3d831c1d26f4dea34a2bcf6427c7d481.tar.bz2 cryptography-7bcfbf8e3d831c1d26f4dea34a2bcf6427c7d481.zip | |
Merge pull request #1182 from kennwhite/patch-1
Updating risk assessment to match CERT's language
Diffstat (limited to 'docs/limitations.rst')
| -rw-r--r-- | docs/limitations.rst | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/limitations.rst b/docs/limitations.rst index 5b63ef54..dee189d1 100644 --- a/docs/limitations.rst +++ b/docs/limitations.rst @@ -10,9 +10,9 @@ has some kind of local user access or because of how other software uses uninitialized memory. Python exposes no API for us to implement this reliably and as such almost all -software in Python is potentially vulnerable to this attack. However the -`CERT secure coding guidelines`_ consider this issue as "low severity, -unlikely, expensive to repair" and we do not consider this a high risk for most +software in Python is potentially vulnerable to this attack. The +`CERT secure coding guidelines`_ assesses this issue as "Severity: medium, +Likelihood: unlikely, Remediation Cost: expensive to repair" and we do not consider this a high risk for most users. .. _`Memory wiping`: http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx |