vollkorn on Nostr: How detailed has an OffSec exam report to be? I know of but I just got the question ...
How detailed has an OffSec exam report to be? I know of https://help.offsec.com/hc/en-us/articles/7281947451284-OSWA-Exam-FAQ#h_01G6AF68QX8K38RWGBS7WJCFWM but I just got the question how much information do you have to put in there. Do you need references to all relevant CWEs? Explanations of your threat model? Or is a plain description of the steps without any explanation of the impact sufficient?