Be more explicit about Class E

In our taxonomy, Class E is not meant to apply to hardening opportunities (which are also technically not vulnerabilities). Be clearer that they are excluded by E. Change-Id: I4830b954104da03bc83e7c3533544a564b4837ce
2016-07-29 17:40:35 +00:00 · 2016-07-29 17:40:35 +00:00 · ddfbe1e123
parent b9badf287f
commit ddfbe1e123
1 changed files with 2 additions and 1 deletions
--- a/doc/source/vmt-process.rst
+++ b/doc/source/vmt-process.rst
@ -198,7 +198,8 @@ warrant an advisory.
 |          | OSSN      | (some) security implications, e.g.,       |
 |          |           | strengthening opportunities               |
 +----------+-----------+-------------------------------------------+
-| Class E  |           | Not a vulnerability at all                |
+| Class E  |           | Neither a vulnerability nor hardening     |
+|          |           | opportunity                               |
 +----------+-----------+-------------------------------------------+
 | Class Y  |           | Vulnerability only found in development   |
 |          |           | release                                   |