Criteria is the component of Common that maps different security standards to each Fluid Attacks internal requirement, and enumerates the possible types of security findings that Fluid Attacks can find and report in a client.
Here we store Criteria as raw data in a format intended to be consumed by automated processes. Docs also holds a human-readable version of Criteria, but both are different things and have different guarantees.
- The data complies the schema.
- The identifiers and titles of
vulnerabilitiesdo not change.
Criteria is managed as-code using YAML documents in order to make the information easily accessible to automated programs (most programming languages support YAML).
This ensures information contains the required fields, and that it adheres to the expected specification.
End Users and Developers are expected to use the YAML documents directly.
Note that for instance, Docs consumes this information and transforms it into the online version of Criteria.
You can right-click on the image below to open it in a new tab, or save it to your computer.
Please read the contributing page first.