Merge main --> publish (#587)
* Bump pandas from 2.2.1 to 2.2.2 (#557)

Bumps [pandas](https://github.com/pandas-dev/pandas) from 2.2.1 to 2.2.2.
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v2.2.1...v2.2.2)

---
updated-dependencies:
- dependency-name: pandas
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump scikit-learn from 1.4.1.post1 to 1.4.2 (#556)

Bumps [scikit-learn](https://github.com/scikit-learn/scikit-learn) from 1.4.1.post1 to 1.4.2.
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.4.1.post1...1.4.2)

---
updated-dependencies:
- dependency-name: scikit-learn
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Allen D. Householder <[email protected]>

* Bump mkdocs-print-site-plugin from 2.3.6 to 2.4.0 in the mkdocs group (#555)

Bumps the mkdocs group with 1 update: [mkdocs-print-site-plugin](https://github.com/timvink/mkdocs-print-site-plugin).


Updates `mkdocs-print-site-plugin` from 2.3.6 to 2.4.0
- [Release notes](https://github.com/timvink/mkdocs-print-site-plugin/releases)
- [Commits](timvink/mkdocs-print-site-plugin@v2.3.6...v2.4.0)

---
updated-dependencies:
- dependency-name: mkdocs-print-site-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mkdocs
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Updated Mission-Impact in Deployer.json and in csvs/child_trees to match latest (#559)

* i18n improvement to Deployer.json (#560)

* Updated Mission-Impact in Deployer.json and in csvs/child_trees to match latest

* Add keys to Deployer.json example Issue-123-1

* Update in CSS to fix default darkmode/blackbody

* Bump the mkdocs group with 2 updates (#563)

* Bump the mkdocs group with 2 updates

Bumps the mkdocs group with 3 updates: [mkdocs](https://github.com/mkdocs/mkdocs), [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [mkdocstrings-python](https://github.com/mkdocstrings/python).

(mkdocs 1.6.0 ignored because incompatible with mkdocs-material 9.5.18)

Updates `mkdocs-material` from 9.5.17 to 9.5.18
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.17...9.5.18)

Updates `mkdocstrings-python` from 1.9.2 to 1.10.0
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/python@1.9.2...1.10.0)

---
updated-dependencies:
- dependency-name: mkdocs
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mkdocs
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
- dependency-name: mkdocstrings-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mkdocs
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update requirements.txt

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Allen D. Householder <[email protected]>

* replace vuls.cert.org CVD guide links with certcc.github.io links (#562)

* Add requirements.txt trigger to link_checker.yml

Linkchecker also confirms that the site builds successfully, so any changes to the pip requirements should trigger it to run as well.

* Bump dataclasses-json from 0.6.4 to 0.6.5 (#566)

Bumps [dataclasses-json](https://github.com/lidatong/dataclasses-json) from 0.6.4 to 0.6.5.
- [Release notes](https://github.com/lidatong/dataclasses-json/releases)
- [Commits](lidatong/dataclasses-json@v0.6.4...v0.6.5)

---
updated-dependencies:
- dependency-name: dataclasses-json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump the mkdocs group across 1 directory with 5 updates (#567)

Bumps the mkdocs group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [mkdocs](https://github.com/mkdocs/mkdocs) | `1.5.3` | `1.6.0` |
| [mkdocs-include-markdown-plugin](https://github.com/mondeja/mkdocs-include-markdown-plugin) | `6.0.5` | `6.0.6` |
| [mkdocs-table-reader-plugin](https://github.com/timvink/mkdocs-table-reader-plugin) | `2.1.0` | `2.2.0` |
| [mkdocs-material](https://github.com/squidfunk/mkdocs-material) | `9.5.18` | `9.5.21` |
| [mkdocstrings](https://github.com/mkdocstrings/mkdocstrings) | `0.24.3` | `0.25.1` |



Updates `mkdocs` from 1.5.3 to 1.6.0
- [Release notes](https://github.com/mkdocs/mkdocs/releases)
- [Commits](mkdocs/mkdocs@1.5.3...1.6.0)

Updates `mkdocs-include-markdown-plugin` from 6.0.5 to 6.0.6
- [Release notes](https://github.com/mondeja/mkdocs-include-markdown-plugin/releases)
- [Commits](mondeja/mkdocs-include-markdown-plugin@v6.0.5...v6.0.6)

Updates `mkdocs-table-reader-plugin` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/timvink/mkdocs-table-reader-plugin/releases)
- [Commits](timvink/mkdocs-table-reader-plugin@v2.1.0...v2.2.0)

Updates `mkdocs-material` from 9.5.18 to 9.5.21
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.18...9.5.21)

Updates `mkdocstrings` from 0.24.3 to 0.25.1
- [Release notes](https://github.com/mkdocstrings/mkdocstrings/releases)
- [Changelog](https://github.com/mkdocstrings/mkdocstrings/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/mkdocstrings@0.24.3...0.25.1)

---
updated-dependencies:
- dependency-name: mkdocs
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mkdocs
- dependency-name: mkdocs-include-markdown-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
- dependency-name: mkdocs-table-reader-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mkdocs
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
- dependency-name: mkdocstrings
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mkdocs
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump jsonschema from 4.21.1 to 4.22.0 (#568)

Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.21.1 to 4.22.0.
- [Release notes](https://github.com/python-jsonschema/jsonschema/releases)
- [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst)
- [Commits](python-jsonschema/jsonschema@v4.21.1...v4.22.0)

---
updated-dependencies:
- dependency-name: jsonschema
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump dataclasses-json from 0.6.5 to 0.6.6 (#572)

* Bump the mkdocs group with 3 updates (#571)

Bumps the mkdocs group with 3 updates: [mkdocs-table-reader-plugin](https://github.com/timvink/mkdocs-table-reader-plugin), [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [mkdocs-print-site-plugin](https://github.com/timvink/mkdocs-print-site-plugin).


Updates `mkdocs-table-reader-plugin` from 2.2.0 to 2.2.1
- [Release notes](https://github.com/timvink/mkdocs-table-reader-plugin/releases)
- [Commits](timvink/mkdocs-table-reader-plugin@v2.2.0...v2.2.1)

Updates `mkdocs-material` from 9.5.21 to 9.5.22
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.21...9.5.22)

Updates `mkdocs-print-site-plugin` from 2.4.0 to 2.4.1
- [Release notes](https://github.com/timvink/mkdocs-print-site-plugin/releases)
- [Commits](timvink/mkdocs-print-site-plugin@v2.4.0...v2.4.1)

---
updated-dependencies:
- dependency-name: mkdocs-table-reader-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
- dependency-name: mkdocs-print-site-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump the mkdocs group with 3 updates (#573)

Bumps the mkdocs group with 3 updates: [mkdocs-table-reader-plugin](https://github.com/timvink/mkdocs-table-reader-plugin), [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [mkdocstrings-python](https://github.com/mkdocstrings/python).


Updates `mkdocs-table-reader-plugin` from 2.2.1 to 2.2.2
- [Release notes](https://github.com/timvink/mkdocs-table-reader-plugin/releases)
- [Commits](timvink/mkdocs-table-reader-plugin@v2.2.1...v2.2.2)

Updates `mkdocs-material` from 9.5.22 to 9.5.24
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.22...9.5.24)

Updates `mkdocstrings-python` from 1.10.0 to 1.10.2
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/python@1.10.0...1.10.2)

---
updated-dependencies:
- dependency-name: mkdocs-table-reader-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
- dependency-name: mkdocstrings-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump scikit-learn from 1.4.2 to 1.5.0 (#575)

Bumps [scikit-learn](https://github.com/scikit-learn/scikit-learn) from 1.4.2 to 1.5.0.
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.4.2...1.5.0)

---
updated-dependencies:
- dependency-name: scikit-learn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump the mkdocs group with 2 updates (#574)

Bumps the mkdocs group with 2 updates: [mkdocs-material](https://github.com/squidfunk/mkdocs-material) and [mkdocstrings-python](https://github.com/mkdocstrings/python).


Updates `mkdocs-material` from 9.5.24 to 9.5.25
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.24...9.5.25)

Updates `mkdocstrings-python` from 1.10.2 to 1.10.3
- [Release notes](https://github.com/mkdocstrings/python/releases)
- [Changelog](https://github.com/mkdocstrings/python/blob/main/CHANGELOG.md)
- [Commits](mkdocstrings/python@1.10.2...1.10.3)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
- dependency-name: mkdocstrings-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump the mkdocs group with 3 updates (#577)

* Fixed URL Typo in README.md (#578)

* Bump dataclasses-json from 0.6.6 to 0.6.7 (#580)

Bumps [dataclasses-json](https://github.com/lidatong/dataclasses-json) from 0.6.6 to 0.6.7.
- [Release notes](https://github.com/lidatong/dataclasses-json/releases)
- [Commits](lidatong/dataclasses-json@v0.6.6...v0.6.7)

---
updated-dependencies:
- dependency-name: dataclasses-json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump the mkdocs group with 2 updates (#579)

Bumps the mkdocs group with 2 updates: [mkdocs-include-markdown-plugin](https://github.com/mondeja/mkdocs-include-markdown-plugin) and [mkdocs-material](https://github.com/squidfunk/mkdocs-material).


Updates `mkdocs-include-markdown-plugin` from 6.1.1 to 6.2.0
- [Release notes](https://github.com/mondeja/mkdocs-include-markdown-plugin/releases)
- [Commits](mondeja/mkdocs-include-markdown-plugin@v6.1.1...v6.2.0)

Updates `mkdocs-material` from 9.5.25 to 9.5.26
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.25...9.5.26)

---
updated-dependencies:
- dependency-name: mkdocs-include-markdown-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: mkdocs
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: mkdocs
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* empty dockerfile

* Dockerfile to run pytest

* Mention docker in README.md

* use 3.12 slim bookworm as base container

* Bump mkdocs-material from 9.5.26 to 9.5.27 in the mkdocs group (#583)

* Bump the mkdocs group with 2 updates (#585)

* Make schema available via data/ folder for certcc.github.io (#586)

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Vijay Sarvepalli <[email protected]>
Co-authored-by: Patrick Garrity <[email protected]>
4 people authored Jun 25, 2024
1 parent 37f28bc commit 713496e
Showing 13 changed files with 76 additions and 38 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/link_checker.yml
Expand Up @@ -10,6 +10,8 @@ on:
- '**/*.md'
# run on any PR that changes this workflow
- .github/workflows/linkchecker.yml
# run on any PR that changes the pip requirements
- requirements.txt
# let us trigger it manually
workflow_dispatch:
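
Review bot: The path filter under "run on any PR that changes this workflow" still names `.github/workflows/linkchecker.yml`, but the file changed here is `.github/workflows/link_checker.yml`, so that entry does not match this file and edits to the workflow itself will not trigger it. While adding the `requirements.txt` trigger, correct the path to `.github/workflows/link_checker.yml`.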

18 changes: 18 additions & 0 deletions Dockerfile
@@ -0,0 +1,18 @@
FROM python:3.12-slim-bookworm

WORKDIR /app

# install requirements
COPY requirements.txt .
RUN pip install -r requirements.txt

# Copy the files we need
COPY src/ .
COPY data ./data

# install pytest
RUN pip install pytest

# run the unit tests \
ENTRYPOINT ["pytest"]
CMD ["test"]
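
Review bot: `RUN pip install pytest` is unpinned and sits after `COPY src/ .` and `COPY data ./data`, so the test runner version floats between builds even though every entry in requirements.txt is pinned, and the layer is rebuilt on each source change. Pin pytest (for example in a test requirements file installed next to `requirements.txt`) and move the install above the source copies; `--no-cache-dir` on both pip steps keeps the image smaller. The image never sets a `USER`, so the tests run as root inside the container, and the trailing backslash in `# run the unit tests \` is stray and can be dropped.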
25 changes: 24 additions & 1 deletion README.md
Expand Up @@ -69,7 +69,7 @@ This directory holds helper scripts that can make managing or using SSVC easier.
### `/src/ssvc/*`

The `ssvc` python module provides tools to work with decision points, decision point groups, and outcomes.
These modules are used to generate documentation for various [Decision Points](https://certcc.github.io/SSVC/reference/decsion_points/)
These modules are used to generate documentation for various [Decision Points](https://certcc.github.io/SSVC/reference/decision_points/)

Documentation for the `ssvc` module can be found at [https://certcc.github.io/SSVC/reference/code/](https://certcc.github.io/SSVC/reference/code/)

Expand Down Expand Up @@ -101,6 +101,29 @@ Navigate to http://localhost:8001/ to see the site.

(Hint: You can use the `--dev-addr` argument with mkdocs to change the port, e.g. `mkdocs serve --dev-addr localhost:8000`)

## Run tests

We include a few tests for the `ssvc` module.

### With Docker

```bash

docker build -t ssvc_test .
docker run -it --rm ssvc_test
```

### Without Docker

```bash
pip install pytest # if you haven't already

pytest # should find tests in src/test/*
```




## Contributing

- [SSVC Community Engagement](https://certcc.github.io/SSVC/about/contributing/) has more detail on how to contribute to the project.
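
Review bot: The "Without Docker" steps install only pytest, while the Dockerfile in this commit runs `pip install -r requirements.txt` first and then invokes `pytest test` from a directory holding the contents of `src/`. Add the requirements install and state which directory to run `pytest` from so both paths exercise the tests the same way. The empty line after the opening bash fence under "With Docker" and the run of blank lines before "## Contributing" can also go.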
5 changes: 0 additions & 5 deletions data/csvs/child_trees/human-impact.csv
@@ -1,25 +1,20 @@
Situated Safety Impact , Mission Impact , Human Impact
None , None , Low
None , Degraded , Low
None , Crippled , Low
None , MEF Failure , Medium
None , Mission Failure , Very High
Minor , None , Low
Minor , Degraded , Low
Minor , Crippled , Low
Minor , MEF Failure , Medium
Minor , Mission Failure , Very High
Major , None , Medium
Major , Degraded , Medium
Major , Crippled , Medium
Major , MEF Failure , High
Major , Mission Failure , Very High
Hazardous , None , High
Hazardous , Degraded , High
Hazardous , Crippled , High
Hazardous , MEF Failure , High
Hazardous , Mission Failure , Very High
Catastrophic , None , Very High
Catastrophic , Degraded , Very High
Catastrophic , Crippled , Very High
Catastrophic , MEF Failure , Very High
1 change: 0 additions & 1 deletion data/schema_examples/CISA-Coordinator.json

This file was deleted.

1 change: 1 addition & 0 deletions docs/data
4 changes: 2 additions & 2 deletions docs/howto/coordination_intro.md
Expand Up @@ -11,7 +11,7 @@ A coordinator may want to gather and publish information about SSVC decision poi
Furthermore, a coordinator may only publish some of the information it uses to make decisions.
Consistent with other stakeholder perspectives (supplier and deployer), SSVC provides the priority with which a coordinator should take some defined action, but not how to do that action.
For more information about types of coordinators and their facilitation actions within vulnerability management, see
[The CERT Guide to Coordinated Vulnerability Disclosure](https://vuls.cert.org/confluence/display/CVD/3.5.+Coordinator)
[The CERT Guide to Coordinated Vulnerability Disclosure](https://certcc.github.io/CERT-Guide-to-CVD/topics/roles/coordinator/)

The two decisions that CERT/CC makes as a coordinator that we will discuss in terms of SSVC are

Expand All @@ -27,7 +27,7 @@ These two decisions are not the entirety of vulnerability coordination, but we l


Different coordinators have different scopes and constituencies.
See [The CERT Guide to Coordinated Vulnerability Disclosure](https://vuls.cert.org/confluence/display/CVD/3.5.+Coordinator) for a listing of different coordinator types.
See [The CERT Guide to Coordinated Vulnerability Disclosure](https://certcc.github.io/CERT-Guide-to-CVD/topics/roles/coordinator/) for a listing of different coordinator types.
If a coordinator receives a report that is outside its own work scope or constituency, it should make an effort to route the report to a more suitable coordinator.
The decisions in this section assume the report or vulnerability in question is within the work scope or constituency for the coordinator.

4 changes: 2 additions & 2 deletions docs/howto/coordination_triage_decision.md
Expand Up @@ -27,7 +27,7 @@ SSVC can be applied to either the initial report or to the results of such refin

## Coordinator Triage Decision Outcomes

We take three priority levels in our decision about whether and how to [coordinate](https://vuls.cert.org/confluence/display/CVD/1.1.+Coordinated+Vulnerability+Disclosure+is+a+Process%2C+Not+an+Event)
We take three priority levels in our decision about whether and how to [coordinate](https://certcc.github.io/CERT-Guide-to-CVD/tutorials/cvd_is_a_process/)
a vulnerability based on an incoming report:

!!! info "Coordinator Triage Priority"
Expand Down Expand Up @@ -57,7 +57,7 @@ a vulnerability based on an incoming report:
(VRDA) provides a starting point for a decision model for this situation.
VRDA is likely [adequate](https://insights.sei.cmu.edu/library/effectiveness-of-the-vulnerability-response-decision-assistance-vrda-framework/)
for national-level CSIRTs that do general CVD, but other CSIRT types may have different needs.
The [*CERT Guide to Coordinated Vulnerability Disclosure*](https://vuls.cert.org/confluence/display/CVD/6.10+Troubleshooting+Coordinated+Vulnerability+Disclosure+Table)
The [*CERT Guide to Coordinated Vulnerability Disclosure*](https://certcc.github.io/CERT-Guide-to-CVD/howto/coordination/cvd_recipes/)
provides something similar for those who are deciding how to report and disclose vulnerabilities they have discovered.

The coordination and publication decisions for CERT/CC are about the social and collaborative state of vulnerability management.
2 changes: 1 addition & 1 deletion docs/howto/publication_decision.md
Expand Up @@ -31,7 +31,7 @@ Two points where CERT/CC policy clearly influences the publication decision are
As a matter of policy, CERT/CC will support an embargo from the public of information about a vulnerability through its
choice not to publish that information while a number of conditions hold:

- A negotiated embargo timer has not expired. The CERT/CC default embargo period is [45 days](https://vuls.cert.org/confluence/display/Wiki/Vulnerability+Disclosure+Policy).
- A negotiated embargo timer has not expired. The CERT/CC default embargo period is [45 days](https://certcc.github.io/CERT-Guide-to-CVD/reference/certcc_disclosure_policy/).
- Other exceptions have not been met, including active exploitation of the vulnerability in the wild or other public
discussion of the vulnerability details.

15 changes: 4 additions & 11 deletions docs/ssvc-calc/Deployer.json
Expand Up @@ -99,11 +99,6 @@
"label": "Mission Impact",
"key": "M",
"options": [
{
"label": "none",
"key": "N",
"description": "Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions. (aka Non-Essential Degraded)"
},
{
"label": "degraded",
"key": "D",
Expand Down Expand Up @@ -132,6 +127,7 @@
{
"label": "Human Impact",
"decision_type": "complex",
"key": "H",
"children": [
{
"label": "Situated Safety Impact"
Expand All @@ -158,7 +154,6 @@
"child_label": "Mission Impact",
"child_key": "M",
"child_option_labels":[
"none",
"degraded",
"crippled"
]
Expand Down Expand Up @@ -201,7 +196,6 @@
"child_label": "Mission Impact",
"child_key": "M",
"child_option_labels":[
"none",
"degraded",
"crippled"
]
Expand Down Expand Up @@ -243,7 +237,6 @@
"child_label": "Mission Impact",
"child_key": "M",
"child_option_labels":[
"none",
"degraded",
"crippled",
"mef failure"
Expand Down Expand Up @@ -292,7 +285,6 @@
"child_label": "Mission Impact",
"child_key": "M",
"child_option_labels":[
"none",
"degraded",
"crippled",
"mef failure",
Expand Down Expand Up @@ -335,7 +327,8 @@
"color": "#EA3423"
}
],
"label": "Priority"
"label": "Priority",
"key": "P"
} ],
"decisions_table": [
{
Expand Down Expand Up @@ -844,6 +837,6 @@
}
],
"lang": "en",
"version": "2.0",
"version": "2.0.0",
"title": "Deployer v2.1.0"
}
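
Review bot: `"version": "2.0.0"` now sits directly above `"title": "Deployer v2.1.0"`, so the file reports two different versions of itself. This commit also drops the `none` option from Mission Impact, which changes the set of accepted values, so decide which number is authoritative and make the two fields agree.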
11 changes: 9 additions & 2 deletions docs/ssvc-calc/css.css
@@ -1,4 +1,8 @@
/* css version 2.2.8 */
/* css version 2.2.9 */
#helper {
background-color: rgba(255,255,255,0.95);
border: 1px solid grey;
}
.ssvcvector {
color: #7d1d1d;
}
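
Review bot: `#helper` is given a fixed near-white background (`rgba(255,255,255,0.95)`) with no `.blackbody` counterpart, whereas the next hunk adds `.blackbody .top_fixed` to keep that panel dark in dark mode. Confirm `#helper` stays readable under `.blackbody`, or add a matching override.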
Expand Down Expand Up @@ -185,12 +189,15 @@ span.bold {
text-decoration: none;
color: #fefefe;
}
.blackbody .top_fixed {
background-color: rgba(0,0,0,0.9);
}
.top_fixed {
display:none;
position:fixed;
top:10px;
z-index: 1051;
background-color: rgba(0,0,0,0.9);
background-color: #f8f8ff;
height: 100%;
width:75%;
padding:12px;
Expand Down
2 changes: 1 addition & 1 deletion docs/ssvc-calc/findex.html
Expand Up @@ -319,7 +319,7 @@ <h5> Public Well-being Impact Decision Values</h5>
<h5>
Stakeholder-Specific Vulnerability Categorization (SSVC)
</h5>
<span class="text-muted">version 2 (October 2020) </span>
<span class="text-muted">Introduction </span>
<hr style="background-color:#9f9f9f"/>
<div style="text-align:left">
<h4>Introduction:</h4>
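
Review bot: The muted subtitle span now reads "Introduction" immediately above `<h4>Introduction:</h4>`, so the word appears twice in a row and the panel no longer states which SSVC version it describes. Either drop the span or have it carry the current version string.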
24 changes: 12 additions & 12 deletions requirements.txt
@@ -1,15 +1,15 @@
mkdocs==1.5.3
mkdocs-bibtex==2.15.0
mkdocs-include-markdown-plugin==6.0.5
mkdocs-table-reader-plugin==2.1.0
mkdocs-material==9.5.17
mkdocs==1.6.0
mkdocs-bibtex==2.16.0
mkdocs-include-markdown-plugin==6.2.1
mkdocs-table-reader-plugin==2.2.2
mkdocs-material==9.5.27
mkdocs-material-extensions==1.3.1
mkdocstrings==0.24.3
mkdocstrings-python==1.9.2
mkdocs-print-site-plugin==2.3.6
dataclasses-json==0.6.4
mkdocstrings==0.25.1
mkdocstrings-python==1.10.5
mkdocs-print-site-plugin==2.5.0
dataclasses-json==0.6.7
thefuzz==0.22.1
pandas==2.2.1
scikit-learn==1.4.1.post1
jsonschema==4.21.1
pandas==2.2.2
scikit-learn==1.5.0
jsonschema==4.22.0
networkx==3.3
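
Review bot: Every entry is pinned with `==`, but none carries a hash, so a build still trusts whatever the index serves for that version, and transitive dependencies are not constrained at all. Consider generating this file with hashes and installing in pip's `--require-hashes` mode, or adding a constraints file, since `link_checker.yml` now rebuilds the site whenever this file changes.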
