Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rename Exploitation:PoC to Exploitation:Public PoC #352

Closed
ahouseholder opened this issue Oct 17, 2023 · 3 comments · Fixed by #442
Closed

Rename Exploitation:PoC to Exploitation:Public PoC #352

ahouseholder opened this issue Oct 17, 2023 · 3 comments · Fixed by #442
Assignees
@ccullen-cert
Labels
documentation Improvements or additions to documentation enhancement New feature or request
Milestone
2024.3

Comments

@ahouseholder
Copy link
Contributor

ahouseholder commented Oct 17, 2023
edited
Loading

Should we re-name this to "Public PoC" to emphasize it's not just a PoC used to validate that the vulnerability is a real vulnerability?

Originally posted by @j--- in #328 (comment)
@ahouseholder ahouseholder mentioned this issue Oct 17, 2023
Closed
1 task
@ahouseholder ahouseholder changed the title Rename Exploitation:PoC this to "Exploitation:Public PoC" Rename Exploitation:PoC to Exploitation:Public PoC Oct 17, 2023
@ahouseholder
Copy link
Contributor Author

Presumably this would retain the rest of the definition as-is, so if this is just changing the name = "PoC" line 17 I don't see a problem with that.

SSVC/src/ssvc/decision_points/exploitation.py

Lines 16 to 22 in 798ff57

POC = SsvcDecisionPointValue(
name="PoC",
key="P",
description="One of the following cases is true: (1) private evidence of exploitation is attested but not shared; "
"(2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit"
" or ExploitDB; or (4) the vulnerability has a well-known method of exploitation.",
)

@ahouseholder
Copy link
Contributor Author

Note that #353 would also modify the description. If it makes sense to resolve both of these in the same PR that's fine, or separately is ok, too - especially if (as it appears to me) #353 is likely a bit more work than this one, although it still seems rather quick/small to me.

This was referenced Oct 17, 2023
Closed
Closed
@ahouseholder ahouseholder added documentation Improvements or additions to documentation enhancement New feature or request labels Oct 19, 2023
@ccullen-cert ccullen-cert self-assigned this Jan 23, 2024
@ahouseholder ahouseholder added this to the SSVC 202403 milestone Jan 23, 2024
@ccullen-cert
Copy link
Contributor

Here is the Pull request for this issue: #442

@ahouseholder ahouseholder linked a pull request Feb 9, 2024 that will close this issue
Update Exploitation:PoC definition #442
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ccullen-cert ccullen-cert

Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
2024.3
Development

Successfully merging a pull request may close this issue.

Update Exploitation:PoC definition ccullen-cert/SSVC-cc
2 participants
@ahouseholder @ccullen-cert