Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Model CVSS v1, v2, v3 vector elements as decision points #330

Closed
ahouseholder opened this issue Oct 2, 2023 · 0 comments · Fixed by #343
Closed

Model CVSS v1, v2, v3 vector elements as decision points #330

ahouseholder opened this issue Oct 2, 2023 · 0 comments · Fixed by #343
Assignees
Labels
enhancement New feature or request

Comments

@ahouseholder
Copy link
Contributor

ahouseholder commented Oct 2, 2023

Because of their ubiquitous availability in vulnerability data sets, we should provide set of decision points specifically to represent CVSS vector elements (aka metrics).

This would also provide us with an opportunity to further exercise our emerging decision point versioning rules, because CVSS has had more revisions over time than SSVC has.

The bulk of the work is in modeling CVSS v3 and v4, but the marginal effort to modeling CVSS v1 and v2 as well is small enough that we should just do all of them.

Edit: In order to line this up with PR #343, this issue is just going to cover v1, v2, and v3. v4 will be covered in a separate issue.

@ahouseholder ahouseholder added the enhancement New feature or request label Oct 2, 2023
@ahouseholder ahouseholder self-assigned this Oct 16, 2023
@ahouseholder ahouseholder changed the title Model CVSS vector elements as decision points Model CVSS v1, v2, v3 vector elements as decision points Oct 16, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment