Bug ID 810917: OWASP Compliance score is shown for parent and child policies that are not applicable.

Last Modified: Nov 14, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Fixed In:
17.0.0

Opened: Jul 30, 2019
Severity: 4-Minor

Symptoms

OWASP score for a parent policy or child policy is shown as 0. The more accurate value should be 'N/A' since these policies are not configurable for OWASP.

Impact

When looking on the policies list, the user may get the impression that the parent or child policies can be configured to comply with OWASP.

Conditions

Create either child policy or parent policy. On Security ›› Application Security : Security Policies : Policies List page you will see in the OWASP Compliance score the value 0, and when going to OWASP page configuration (Security ›› Overview : OWASP Compliance) the user will see a note that the policy is not configurable for OWASP.

Workaround

Ignore OWASP Compliance score for child and parent policies.

Fix Information

None

Behavior Change