Diffstat (limited to 'chromium/docs/security/sheriff.md')
-rw-r--r-- chromium/docs/security/sheriff.md | 11
1 files changed, 6 insertions, 5 deletions
diff --git a/chromium/docs/security/sheriff.md b/chromium/docs/security/sheriff.md
index 897fa7a5cd9..c4418c980fe 100644
--- a/chromium/docs/security/sheriff.md
+++ b/chromium/docs/security/sheriff.md
@@ -248,11 +248,12 @@ the assessment? Be especially on the lookout for Highs that are really
Criticals, and Lows that are really Mediums (make sure to account for process
types and sandbox boundaries).
-For V8 issues, it can be hard to identify the correct security severity. If
-you're not sure, please take your best guess, and add the
-`Security_Needs_Attention-Severity` label alongside the regular
-`Security_Severity-*` label. If you do this, the V8 team will check the
-severity later and change it if necessary.
+For V8 issues, it can be hard to identify the correct security severity.
+Always set the severity to High unless there's strong evidence of an obvious
+mitigation. Please add the `Security_Needs_Attention-Severity` label alongside
+the regular `Security_Severity-*` label. If the bug is not exploitable, or is
+mitigated, the V8 team will reduce the security severity (to avoid unnecessary
+risk of merging the bug into stable branches).
#### Step 3. [Label, label, label](security-labels.md).
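Review bot: The added sentence "Please add the `Security_Needs_Attention-Severity` label alongside the regular `Security_Severity-*` label" no longer carries the "If you're not sure" condition that the removed text had, so it is unclear whether the sheriff should apply the label to every V8 issue or only to those set to High by default. If it is meant to be unconditional, say so explicitly (for example "Always add ..."); if it only applies when the High default was used without analysis, restore a condition. Two smaller wording points in the same paragraph: "strong evidence of an obvious mitigation" gives the sheriff no criterion or example for when a severity below High is acceptable, and the closing parenthetical "risk of merging the bug into stable branches" reads as though the bug itself is merged, where the risk presumably comes from merging the fix; rewording it would remove the ambiguity.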