The OWASP Top 10 project uses the OWASP Risk Rating Methodology to rank risks on the list.
It looks like a good idea for the Serverless Top 10 project as well. I feel use of this risk rating scale needs to be explicitly evaluated for fit in the serverless context and clearly stated in the final report.
If we reach a consensus that this is a good risk rating scale, we can evaluate OWASP Top 10 risks in the serverless context, replacing the Serverless Risk Meter from the original report.