Updating risk assessment to match CERT's language

author: kennwhite <github@kennwhite.com> 2014-06-25 21:09:28 -0400
committer: kennwhite <github@kennwhite.com> 2014-06-25 21:09:28 -0400
commit: 993d8479de8e02ec1b87be65c2214c784046be34 (patch)
tree: 230294ac0364687330cc71b23536c7f8d07a20e6 /docs/limitations.rst
parent: 1cf0046789a1aeca1fd8b1da89488986f2539566 (diff)
download: cryptography-993d8479de8e02ec1b87be65c2214c784046be34.tar.gz
cryptography-993d8479de8e02ec1b87be65c2214c784046be34.tar.bz2
cryptography-993d8479de8e02ec1b87be65c2214c784046be34.zip
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/limitations.rst b/docs/limitations.rst
index 5b63ef54..dee189d1 100644
--- a/docs/limitations.rst
+++ b/docs/limitations.rst
@@ -10,9 +10,9 @@ has some kind of local user access or because of how other software uses
 uninitialized memory.
 
 Python exposes no API for us to implement this reliably and as such almost all
-software in Python is potentially vulnerable to this attack. However the
-`CERT secure coding guidelines`_ consider this issue as "low severity,
-unlikely, expensive to repair" and we do not consider this a high risk for most
+software in Python is potentially vulnerable to this attack. The
+`CERT secure coding guidelines`_ assesses this issue as "Severity: medium,
+Likelihood: unlikely, Remediation Cost: expensive to repair" and we do not consider this a high risk for most
 users.
 
 .. _`Memory wiping`:  http://blogs.msdn.com/b/oldnewthing/archive/2013/05/29/10421912.aspx
author	kennwhite <github@kennwhite.com>	2014-06-25 21:09:28 -0400
committer	kennwhite <github@kennwhite.com>	2014-06-25 21:09:28 -0400
commit	993d8479de8e02ec1b87be65c2214c784046be34 (patch)
tree	230294ac0364687330cc71b23536c7f8d07a20e6 /docs/limitations.rst
parent	1cf0046789a1aeca1fd8b1da89488986f2539566 (diff)
download	cryptography-993d8479de8e02ec1b87be65c2214c784046be34.tar.gz cryptography-993d8479de8e02ec1b87be65c2214c784046be34.tar.bz2 cryptography-993d8479de8e02ec1b87be65c2214c784046be34.zip