Quiz Entry - updated: 2026.06.20
What makes a good threat description and mitigation?
A good threat names the attack, its context, and its impact; a good mitigation is tied to a specific threat, explains how it helps, and ends up as a filed bug.
Threats should describe:
- The attack (what the attacker does)
- The context (where/when it happens)
- The impact (what damage results)
Mitigations should:
- Be associated with a specific threat
- Describe how they address the threat
- Result in a filed bug for tracking
Important: Fuzzing is a test tactic, NOT a mitigation. Testing finds bugs but doesn't fix them.