Skip to main content



The Common Vulnerability Scoring System or CVSS is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat. Scores are calculated based on a formula that depends on several metrics that approximate ease of exploit and the impact of exploit. Scores range from 0 to 10, with 10 being the most severe.


These are the rules that must be followed at the time of documenting the mailmap:

  1. Use the email address of the provider over the one of the client.
  2. Do not map by default a non-corporate email such as userdeveloper <[email protected]>.
  3. In order to map a non-corporate email to a corporate one, written request from the client is required.


The Target of Evaluation or ToE is the product or system that will be the subject of the penetration testing done by Fluid Attacks. The ToE is mostly defined by specifying which git repositories and/or environments you want us to check by adding Git Roots and its environments in the Scope section of a group.

NOTE: This subsection of our documentation is under construction.