You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Because of their ubiquitous availability in vulnerability data sets, we should provide set of decision points specifically to represent CVSS vector elements (aka metrics).
This would also provide us with an opportunity to further exercise our emerging decision point versioning rules, because CVSS has had more revisions over time than SSVC has.
The bulk of the work is in modeling CVSS v3 and v4, but the marginal effort to modeling CVSS v1 and v2 as well is small enough that we should just do all of them.
Edit: In order to line this up with PR #343, this issue is just going to cover v1, v2, and v3. v4 will be covered in a separate issue.
The text was updated successfully, but these errors were encountered:
Because of their ubiquitous availability in vulnerability data sets, we should provide set of decision points specifically to represent CVSS vector elements (aka metrics).
This would also provide us with an opportunity to further exercise our emerging decision point versioning rules, because CVSS has had more revisions over time than SSVC has.
The bulk of the work is in modeling CVSS v3 and v4, but the marginal effort to modeling CVSS v1 and v2 as well is small enough that we should just do all of them.
Edit: In order to line this up with PR #343, this issue is just going to cover v1, v2, and v3. v4 will be covered in a separate issue.
The text was updated successfully, but these errors were encountered: