Open blaukc opened 2 months ago
No details provided by team.
Team chose [response.NotInScope]
Reason for disagreement: This mentions NFRs like use of a DB, which is not allowed in this project. Furthermore, they do mention adhering to industry standard encryption, which I believe was not done and is probably unreasonable in the first place. This should actually be escalated to a severity.Low.
Some NFRs they state that might not be reasonably achievable:
industry-standard encryption, RBAC
Some out of scope NFRs are:
disaster recovery measures in event of server failure (I believe this is an offline app)
also talks about managing database queries which is out of scope