Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Exposure is fact of matter, not intent #17

Closed
j--- opened this issue Sep 17, 2020 · 2 comments · Fixed by #48
Closed

Exposure is fact of matter, not intent #17

j--- opened this issue Sep 17, 2020 · 2 comments · Fixed by #48
Assignees
Labels
bug Something isn't working
Milestone

Comments

@j---
Copy link
Collaborator

j--- commented Sep 17, 2020

Exposure as written reads like the value is set to what the device should be (SMB or modbus may get set to small) instead of what the device is actually exposed as. "Unavoidable" probably is confusing here.

@j--- j--- added the bug Something isn't working label Sep 17, 2020
@j--- j--- self-assigned this Sep 17, 2020
@ahouseholder ahouseholder self-assigned this Sep 25, 2020
@ahouseholder ahouseholder added this to the SSVC v2 milestone Oct 2, 2020
@ahouseholder
Copy link
Contributor

ahouseholder commented Oct 7, 2020

My suggestion is to make two changes to the System Exposure section of 040_treesForVulMgmt.md:

  • Add note to first paragraph of section indicating that "Exposure should be judged against the system in context as it is actually deployed, which may differ from how it is expected or common to be deployed. For example, the exposure of a CAN bus device will vary depending on whether a cellular modem is also present on the same bus.
  • Modify Unavoidable to a different word, perhaps significant or large or unimpeded etc. (need to choose the right term)

@j---
Copy link
Collaborator Author

j--- commented Oct 8, 2020

Agree with the first note.

Agree that Unavoidable needs to change. What about "open"?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants