Allow for industry/sector specific safety impacts #3

Closed
ahouseholder opened this issue Sep 9, 2020 · 1 comment · Fixed by #59

@ahouseholder

When a vulnerability is published in a central place such as NVD, would it be assigned multiple public impacts based on industry, letting the vendor choose which industries they support up to one step knowledge? (Not sure how these questions should be answered, but maybe it can be handled with NVD issuing partial information and then ISACs potentially issuing further guidance for their constituencies.)

Extends #1, #2

@ahouseholder ahouseholder added the enhancement New feature or request label Sep 9, 2020

ahouseholder commented Sep 9, 2020

As an example, consider CISA's critical infrastructure sectors or ISACs/ISAOs as potentially having their own safety impact answers for vuls.

I think we'd want to make any sector-based stuff optional, as in you only need it if the impact within a sector is way different from the broader impact. Not setting an expectation that you need to complete a sector impact for every sector for every vul.
