Commit 1f726e25 by Jun Matsushita

Some initial thoughts after talking to Citizen Lab Summer Institute participants.

parent ad610ef5
Pipeline #849 failed with stages
in 28 seconds
# Security Audit (Measurement List)
The availability and information contained in a security audit or penetration test.
Samples below reflect that:
- Some audits where not public but information about their existence exists from reputable sources.
- Some audits where publicly disclosed and officially responded to.
## Sample
- Audit Availability (Measurement)
- category: Audit (Category)
- project: Commotion (Project)
- availability: no (Audit Availability Options)
- evidence (Evidence)
- url: https://ritter.vg/blog-otf_report.html
- comment: Tom Ritter is part of iSec Partners that was commissioned by
- metadata (Metadata)
- author: Jun
- datetime: 20160707
## Sample
- Audit Availability (Measurement)
- category: Audit (Category)
- project: Commotion (Project)
- available: no (Audit Availability)
- evidence (Evidence)
- url: https://ritter.vg/blog-otf_report.html
- comment: Tom Ritter is part of iSec Partners that was commissioned by
- metadata (Metadata)
- author: Jun
- datetime: 20160707
- Vulnerability (Measurement)
- category: Audit (Category)
- project: F-Droid
- vulnerability:
- id
- title
- description
- source
## Properties
- Measurement List (Array)
- Audit Availability (Measurement, required)
- Vulnerabilities List (array[Vulnerability])
# Audit Availability (Measurement)
- availability (Audit Availability Options)
# Vulnerability (Measurement)
- vulnerability:
- id (string)
- title (string)
- description (string)
- source (string) - Could be an audit ID?
# Audit Availability Options (enum)
- unknown - Don't know
- known - Knowledge that an audit has been provided.
- metadata - Metadata about the audit (date, number of vulnerabilities, auditor,...). Metadata about the response to the audit.
- vulnerabilities - List of vulnerabilities and metadata (time, code,...)
- fixes - List of fixes and metadata (time, code,...)
# Measurement
- category (Category)
- project (string) - Project identifier
- evidence (Evidence)
- One of
- evidence (Evidence)
- evidencemedium (Evidence Medium)
- evidencestrong (Evidence Strong)
- metadata (Metadata)
# Category (enum)
- Pseudonymity
# Project
- name (string)
# Evidence
- url (string)
- comment (string)
# Evidence Medium
- url (string)
- comment (string)
- screenshot (Attachment)
# Evidence Strong
- url (string)
- url_2 (string)
- url_3 (string)
- comment (string)
- screenshot (Attachment)
# Attachment
- URI (string)
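Review bot: The sample value `availability: no` in both Sample blocks is not a member of Audit Availability Options (unknown, known, metadata, vulnerabilities, fixes), and the second Sample spells the field `available: no (Audit Availability)` while the first Sample and the type definition use `availability` with type Audit Availability Options. Pick one field name and use an enum member in the samples (for an audit that is known to exist but is not public, `known` looks like the intended value), or add the missing option to the enum. Related inconsistencies in the same file: the samples use `category: Audit`, but Category (enum) lists only Pseudonymity; Measurement declares `evidence (Evidence)` and then lists `evidence (Evidence)` again under "One of", so the plain entry should be dropped if the one-of is meant to select the evidence strength; `project` is typed as a string in Measurement while a separate Project type with `name` is also defined and the samples annotate it as (Project). The evidence comment "commissioned by" ends mid-sentence in both samples, the Audit Availability part of the second Sample duplicates the first, and "where" in the two intro bullets should read "were".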