Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
hef19898
2y ago
0 comments
Save
Share
Sometimes one has to include detectability as well.
0 comments
3 comments · 2 top-level
top
newest
oldest
datadrivenangel
2y ago
· 1 in thread
Severity should include detectability. If you never detect an issue, it's not an issue because nobody sees it.
hef19898
OP
2y ago
Usually it is a seperate factor, at least as far as P/D-MEAs are concerned. Quick and dirty, sure, it can be included in severity. Personally, I prefer the increased transparency and granularity of having detectability as a different factor.
HL33tibCe7
2y ago
To me, that’s a subcomponent of severity
j
/
k
navigate · click thread line to collapse
