Commit b8b9d6fe authored by Daniel Thompson-Yvetot

Apply 1 suggestion(s) to 1 file(s)

parent 2af77f2e
+1 −1
@@ -2411,7 +2411,7 @@ Assuming the threat actor considered above:

Each risk factor value is based on its influence over threat likelihood or threat impact and assigned quantitatively based on a numerical scale from 1 (lowest) to 9 (highest). Each scoring is accompanied by documented rationale for the assigned value, which reflects the product's risk profile as deployed in its intended context, not in isolation. The output of this step is a list of risk factors categorised as influencing either likelihood or impact and scored separately. The likelihood value for each threat is then set equal to the average score among all its likelihood-related risk factors, and the impact value is set equal to the average score among all its impact-related risk factors.

The risk level of each threat is then calculated as the function of its average likelihood and impact values.
The risk level of each threat is then calculated as the product of the average likelihood and impact values.

The product risk level is determined by the highest individual threat risk level across all identified applicable threats. This reflects the inherently high-risk nature of browsers' operational environment and the idea that a browser's overall risk level is better expressed through its worst-case threat exposure and not its average. The product risk level is considered low when the threat risk level is between 1-25/81, medium when it's between 26-50/81, and high when it's between 51-81/81.
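
Review bot: with the risk level now defined as the product of two averages (the changed sentence), the result can be fractional, but the bands in the final paragraph are integer ranges (1-25/81, 26-50/81, 51-81/81), so a value such as 25.5 falls in no band. Suggest either stating a rounding rule next to the changed sentence or writing the bands as contiguous intervals, for example "up to 25", "above 25 and up to 50", "above 50". The same final paragraph says "when the threat risk level is between", which would read more precisely as "when the highest threat risk level is between", since the preceding sentence defines the product level by the worst-case threat.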