Bug ID 810917: OWASP Compliance score is shown for parent and child policies that are not applicable.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP ASM(all modules)

Fixed In:
17.0.0, 16.1.4

Opened: Jul 30, 2019

Severity: 4-Minor


OWASP score for a parent policy or child policy is shown as 0. The more accurate value should be 'N/A' since these policies are not configurable for OWASP.


When looking on the policies list, the user may get the impression that the parent or child policies can be configured to comply with OWASP.


Create either child policy or parent policy. On Security ›› Application Security : Security Policies : Policies List page you will see in the OWASP Compliance score the value 0, and when going to OWASP page configuration (Security ›› Overview : OWASP Compliance) the user will see a note that the policy is not configurable for OWASP.


Ignore OWASP Compliance score for child and parent policies.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips