by Communitivity 857 days ago
Many security specialists view security as described by the CISSP material (Certified Information Systems Security Professional). Loosely speaking, that means ensuring the confidentiality, integrity, and availability of the system (including data received, data stored, and data sent).

Viewed in this light, a bug that enables a successful Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack is a security bug. A bug that causes a DoS or DDoS, but is not exploitable, would not be a security bug (e.g., some idiot added an infinite loop to the startup code). That's where issue triage comes in; a bug should never be assigned before it's triaged. Sometimes triage results in 'we don't know enough' and someone gets assigned to evaluate the bug to answer specific questions before triage can be finished. After triage it gets assigned - or even better, a developer with a matching skill set chooses it to work on for the next release/sprint/etc.