RE: [sarif] RE: Change draft for #317: result.kind and result.level

["Larry Golding (Myriad Consulting Inc)" <v-lgold@microsoft.com>]

Yes, thank you, that's right.

-----Original Message-----
From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of David Keaton
Sent: Tuesday, February 19, 2019 11:10 AM
To: sarif@lists.oasis-open.org
Subject: Re: [sarif] RE: Change draft for #317: result.kind and result.level

      If I understand correctly, there is also a difference in the user actions required.  "Open" means please provide enough assertions so that the tool can prove whether or not a violation occurred.  "Review" means please have human beings look at this to determine whether or not it is a violation.

					David

On 2/19/19 11:04 AM, Larry Golding (Myriad Consulting Inc) wrote:
> *"open"* is used by proof-based tools. The tool performs an analysis. 
> Sometimes it can prove there's a violation (kind = "fail"), sometimes 
> can prove there is no violation (kind = "pass"), and sometimes does 
> not detect a violation, but it's unable to /prove/ that there was no 
> violation (kind = "open").
> 
> *"review"* means something like "The tool isn't sophisticated detect 
> violations of this rule, so please look for yourself."  In the F2F, 
> Michael gave the example of an accessibility checker that would raise 
> issues like "Make sure that you're not using color alone to highlight 
> important information."
> 
> Larry
> 
> *From:* Yekaterina O'Neil <katrina@microfocus.com>
> *Sent:* Tuesday, February 19, 2019 9:31 AM
> *To:* Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; 
> OASIS SARIF TC Discussion List <sarif@lists.oasis-open.org>
> *Subject:* RE: Change draft for #317: result.kind and result.level
> 
> I still have a hard time understanding the difference between "open" 
> and "review"
> 
> k
> 
> *From:* sarif@lists.oasis-open.org <mailto:sarif@lists.oasis-open.org>
> [mailto:sarif@lists.oasis-open.org] *On Behalf Of *Larry Golding 
> (Myriad Consulting Inc)
> *Sent:* Monday, February 18, 2019 2:55 PM
> *To:* OASIS SARIF TC Discussion List <sarif@lists.oasis-open.org 
> <mailto:sarif@lists.oasis-open.org>>
> *Subject:* [sarif] Change draft for #317: result.kind and result.level
> 
> I pushed a change draft for Issue #317: "Consider splitting 
> resultlevel into result.level and result.kind":
> 
> Documents/ChangeDrafts/Active/sarif-v2.0-issue-317-result-level-and-ki
> nd.docx 
> <https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit
> hub.com%2Foasis-tcs%2Fsarif-spec%2Fblob%2Fmaster%2FDocuments%2FChangeD
> rafts%2FActive%2Fsarif-v2.0-issue-317-result-level-and-kind.docx&amp;d
> ata=02%7C01%7Cv-lgold%40microsoft.com%7C326e414aed7944f22f9708d6969dd3
> 48%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636862001933124119&amp
> ;sdata=ozN%2FXGOl43mR%2Fuvv63aQMTT2eCg%2BKzQoQvh0LWl5rS4%3D&amp;reserv
> ed=0>
> 
> We will move its adoption at TC Meeting #32 on Wednesday, February 20^th .
> 
> Thanks,
> 
> Larry
> 


---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at:
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.oasis-open.org%2Fapps%2Forg%2Fworkgroup%2Fportal%2Fmy_workgroups.php&amp;data=02%7C01%7Cv-lgold%40microsoft.com%7C326e414aed7944f22f9708d6969dd348%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636862001933124119&amp;sdata=3VtzFVwvtEE0w4OMeXHBR3PS6AWaIfiRbJRDnik7LN8%3D&amp;reserved=0