Docs: clarify wording around security risk #639

Open
hyandell opened this issue May 27, 2024 · 0 comments

@hyandell

The following feedback to the scorecard website was reported at ossf/alpha-omega#359

The checks section of the homepage starts with:

The checks collect together security best practises and industry standards

The riskiness of each vulnerability is based on how easy it is to exploit. For example if something can be exploited via a pull request, we consider that a high risk.

The example (described in the last sentence quoted) is very hard to understand. I cannot figure out what "something can be exploited via a pull request" means.

It would help to give an example of what "something" can be and to clarify what you mean by "a pull request".

By the way:
Sentences should be terminated with a full stop ("."), including the one opening the section.

@raghavkaul transferred this issue from ossf/scorecard May 28, 2024
@raghavkaul changed the title "Website bug report" to "Docs: clarify wording around security risk" May 28, 2024