Y
Hacker News
new
|
ask
|
show
|
jobs
by
hef19898
1043 days ago
Sometimes one has to include detectability as well.
2 comments
datadrivenangel
1043 days ago
Severity should include detectability. If you never detect an issue, it's not an issue because nobody sees it.
link
hef19898
1043 days ago
Usually it is a seperate factor, at least as far as P/D-MEAs are concerned. Quick and dirty, sure, it can be included in severity. Personally, I prefer the increased transparency and granularity of having detectability as a different factor.
link
HL33tibCe7
1043 days ago
To me, that’s a subcomponent of severity
link