LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

What makes a good threat description and mitigation?

A good threat names the attack, its context, and its impact; a good mitigation is tied to a specific threat, explains how it helps, and ends up as a filed bug.

Threats should describe:

  • The attack (what the attacker does)
  • The context (where/when it happens)
  • The impact (what damage results)

Mitigations should:

  • Be associated with a specific threat
  • Describe how they address the threat
  • Result in a filed bug for tracking

Important: Fuzzing is a test tactic, NOT a mitigation. Testing finds bugs but doesn't fix them.

From Quiz: SPRG / Mitigation and Risk Analysis | Updated: Jun 20, 2026