-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Split safety impact into supplier / deployer safety impacts #1
Comments
This is also related to feedback from https://blog.secursive.com/posts/critical-look-stakeholder-specific-vulnerability-categorization-ssvc/ |
Updated plan based on recent discussions:
End result for Deployers will be that safety & mission will go from 5x5=25 possibilities to 4x4 -> 3 categories which should reduce the complexity of the deployer tree considerably. |
Squashed commits: [07497bd] compress SafetyImpact into PublicSafetyImpact [6b9c932] ignore a helper xlsx file [576f968] reset inadvertent change [419349d] remove index on supplier csv (+1 squashed commit) Squashed commits: [6486a57] add full supplier csv [6918107] remove index on simplified csv (+1 squashed commit) Squashed commits: [1845f90] add simplified csv [7d07685] add combined safety/mission impact column [52dd62a] remove duplicates after collapsing from 5-4. Keep highest outcome [898a082] collapse two lowest mission and safety impacts into one level each and remove duplicates [b344dea] remove row indices (make future diffs cleaner) [420559c] copy csv files for version 2 [d07e953] fix some straggling Applier / Developers (+2 squashed commits) Squashed commits: [878a91d] wip commit (+1 squashed commit) Squashed commits: [59637d6] fix applier/deployer sub wip commit [80dd092] revert unintended change
Compress safety and mission impacts fix for #1 (+11 squashed commits)
getting a fresh copy of the repository
(This was actually from @j--- I think, I just copied & pasted the text into the issue, so be careful when dereferencing the pronoun "I" in the below)
"Safety Impact" probably needs to be split up into one for the vendor and one for the applier. I think the vendor one could be re-used by a coordinator. I'd call it "public safety impact" or some such. The Applier one would be "situated safety impact" or some such.
The text was updated successfully, but these errors were encountered: