Style tweaks in severity guidelines.

Don't use a heading for emphasized text. Emphasize the parallel important things: fix time for critical, fix time for high. Add a missing "be". Bug: None TBR: awhalley Change-Id: Ib22ff318794c23e83737116d3fbb7b168ecf724d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1696532Reviewed-by: Chris Palmer <palmer@chromium.org> Reviewed-by: Andrew Whalley <awhalley@chromium.org> Commit-Queue: Andrew Whalley <awhalley@chromium.org> Cr-Commit-Position: refs/heads/master@{#678042}

Style tweaks in severity guidelines.
Don't use a heading for emphasized text. Emphasize the parallel important things: fix time for critical, fix time for high. Add a missing "be". Bug: None TBR: awhalley Change-Id: Ib22ff318794c23e83737116d3fbb7b168ecf724d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1696532Reviewed-by: Chris Palmer <palmer@chromium.org> Reviewed-by: Andrew Whalley <awhalley@chromium.org> Commit-Queue: Andrew Whalley <awhalley@chromium.org> Cr-Commit-Position: refs/heads/master@{#678042}
91bab480 · Chris Palmer · Commit Bot · 8bea2da4 · 91bab480
Commit 91bab480 authored Jul 17, 2019 by Chris Palmer Committed by Commit Bot Jul 17, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 7 deletions

docs/security/severity-guidelines.md docs/security/severity-guidelines.md +7 -7

No files found.
--- a/docs/security/severity-guidelines.md
+++ b/docs/security/severity-guidelines.md
@@ -27,7 +27,8 @@ milestone (or earliest milestone affected). For critical severity bugs,
 [SheriffBot](https://www.chromium.org/issue-tracking/autotriage) will
 automatically assign the milestone.
-#### For critical vulnerabilities, we aim to deploy the patch to all Chrome users in under 30 days.
+**For critical severity vulnerabilities, we aim to deploy the patch to all
+Chrome users in under 30 days.**
 Critical vulnerability details may be made public in 60 days,
 in accordance with Google's general [vulnerability disclosure recommendations](https://security.googleblog.com/2010/07/rebooting-responsible-disclosure-focus.html),
@@ -60,8 +61,8 @@ milestone (or earliest milestone affected). For high severity bugs,
 [SheriffBot](https://www.chromium.org/issue-tracking/autotriage) will
 automatically assign the milestone.
-For high severity vulnerabilities, we aim to deploy the patch to all Chrome
+**For high severity vulnerabilities, we aim to deploy the patch to all Chrome
-users in under 60 days.
+users in under 60 days.**
 Example bugs:
@@ -88,9 +89,9 @@ Medium severity bugs allow attackers to read or modify limited amounts of
 information, or are not harmful on their own but potentially harmful when
 combined with other bugs. This includes information leaks that could be useful
 in potential memory corruption exploits, or exposure of sensitive user
-information that an attacker can exfiltrate. Bugs that would normally rated at a
+information that an attacker can exfiltrate. Bugs that would normally be rated
-higher severity level with unusual mitigating factors may be rated as medium
+at a higher severity level with unusual mitigating factors may be rated as
-severity.
+medium severity.
 They are normally assigned priority **Pri-1** and assigned to the current stable
 milestone (or earliest milestone affected). If the fix seems too complicated to
@@ -141,4 +142,3 @@ Example bugs:
 The [security FAQ](faq.md) covers many of the cases that we do not consider to
 be security bugs, such as [denial of service](faq.md#TOC-Are-denial-of-service-issues-considered-security-bugs-).