AWS amazonq medium security documentation change
Summary
Restructured severity determination matrix with updated access/effort combinations and severity ratings. Removed '/doc' reference from documentation generation section.
Security assessment
The changes redefine how security vulnerabilities are categorized based on system access and exploitation effort, directly impacting security risk assessment. Specific examples include critical ratings for internet-accessible system control scenarios and adjusted severity levels for information disclosure risks.
Diff
diff --git a/amazonq/latest/qdeveloper-ug/code-issue-severity.md b/amazonq/latest/qdeveloper-ug/code-issue-severity.md index fee80fd4e..ffce95a80 100644 --- a//amazonq/latest/qdeveloper-ug/code-issue-severity.md +++ b//amazonq/latest/qdeveloper-ug/code-issue-severity.md @@ -17,9 +17,16 @@ The following table outlines how severity is determined based on the level of ac -| Level of Effort ----|--- -| Not exploitable | Requires access to system | Internet with high LoE | Over internet -**Level of access** | | | | -Full control of system or its output | N/A | High | Critical | Critical -Access to sensitive information | N/A | Medium | High | High -Can crash or slow down the system | Low | Low | Medium | Medium -Provides additional security | Info | Info | Low | Low -Best practice | Info | N/A | N/A | N/A +Severity determination matrix Level of access | Level of effort | Severity +---|---|--- +Full control of system or its output | Requires access to system | High +Full control of system or its output | Internet with high level of effort | Critical +Full control of system or its output | Over internet | Critical +Access to sensitive information | Requires access to system | Medium +Access to sensitive information | Internet with high level of effort | High +Access to sensitive information | Over internet | High +Can crash or slow down the system | Requires access to system | Low +Can crash or slow down the system | Internet with high level of effort | Medium +Can crash or slow down the system | Over internet | Medium +Provides additional security | Not exploitable | Info +Provides additional security | Requires access to system | Info +Provides additional security | Internet with high level of effort | Low +Provides additional security | Over internet | Low +Best practice | Not exploitable | Info @@ -59 +66 @@ Filtering code issues -Generating documentation (/doc) +Generating documentation