Subject: RE: [sarif] RE: Change draft for #317: result.kind and result.level
And I see my copy-editing skills completely failed me in my first reply. So putting this all cleanly back together, we have:

"open" is used by proof-based tools. The tool performs an analysis. Sometimes it can prove there’s a violation (kind = "fail"), sometimes it can prove there is no violation (kind = "pass"), and sometimes it does not detect a violation, but is unable to prove that there was no violation (kind = "open"). If kind is "open", the user should add additional assertions so the tool can determine whether there is a violation.

"review" means something like “The tool isn’t sophisticated enough to detect violations of this rule, so please look for yourself.” In the F2F, Michael gave the example of an accessibility checker that raises issues like “Make sure that you’re not using color alone to highlight important information.” If kind is "review", the user should look at the code themselves to determine whether there is a violation.

-----Original Message-----

Yes, thank you, that's right.

-----Original Message-----
From: sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> On Behalf Of David Keaton
Sent: Tuesday, February 19, 2019 11:10 AM
To: sarif@lists.oasis-open.org
Subject: Re: [sarif] RE: Change draft for #317: result.kind and result.level

If I understand correctly, there is also a difference in the user actions required. "Open" means please provide enough assertions so that the tool can prove whether or not a violation occurred. "Review" means please have human beings look at this to determine whether or not it is a violation.

David

On 2/19/19 11:04 AM, Larry Golding (Myriad Consulting Inc) wrote:
> *"open"* is used by proof-based tools. The tool performs an analysis.
> Sometimes it can prove there’s a violation (kind = "fail"), sometimes
> can prove there is no violation (kind = "pass"), and sometimes does
> not detect a violation, but it’s unable to /prove/ that there was no
> violation (kind = "open").
>
> *"review"* means something like "The tool isn’t sophisticated detect
> violations of this rule, so please look for yourself.” In the F2F,
> Michael gave the example of an accessibility checker that would raise
> issues like “Make sure that you’re not using color alone to highlight
> important information.”
>
> Larry
>
> *From:* Yekaterina O'Neil <katrina@microfocus.com>
> *Sent:* Tuesday, February 19, 2019 9:31 AM
> *To:* Larry Golding (Myriad Consulting Inc) <v-lgold@microsoft.com>; OASIS SARIF TC Discussion List <sarif@lists.oasis-open.org>
> *Subject:* RE: Change draft for #317: result.kind and result.level
>
> I still have a hard time understanding the difference between “open” and “review”
>
> k
>
> *From:* sarif@lists.oasis-open.org [mailto:sarif@lists.oasis-open.org] *On Behalf Of* Larry Golding (Myriad Consulting Inc)
> *Sent:* Monday, February 18, 2019 2:55 PM
> *To:* OASIS SARIF TC Discussion List <sarif@lists.oasis-open.org>
> *Subject:* [sarif] Change draft for #317: result.kind and result.level
>
> I pushed a change draft for Issue #317: “Consider splitting resultlevel into result.level and result.kind”:
>
> Documents/ChangeDrafts/Active/sarif-v2.0-issue-317-result-level-and-kind.docx
>
> We will move its adoption at TC Meeting #32 on Wednesday, February 20th.
>
> Thanks,
>
> Larry