Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Terminology Changes #5

Closed
6 tasks done
laurie-tyz opened this issue Sep 9, 2020 · 3 comments
Closed
6 tasks done

Terminology Changes #5

laurie-tyz opened this issue Sep 9, 2020 · 3 comments
Assignees
Labels
enhancement New feature or request
Milestone

Comments

@laurie-tyz
Copy link
Contributor

laurie-tyz commented Sep 9, 2020

"Work Item":

  • Review the various places the phrase is used
  • implement consistently
  • a work item may be something besides a 'patch'. It could be a mitigation, accepting risk, or verifying product is at end of life.
  • Update usage of "Work Item" to align with the above.

For both of "Patch Applier" and "Patch Developer," the following considerations apply:

  • actor description implies only binary actions. Implementing a mitigation, accepting risk or acknowledging product is EOL.
  • Suggest and discuss new ROLE identifiers. Eg., system owner, consumer, defender, deployer, supplier, provider, or distributor.
  • Substitute the new ROLE identifier throughout the document.
  • Review the changes for awkward, or unclear language.
  • change "Patch Applier" to "Supplier"
  • change "Patch Developer" to "Deployer"

"Worst credible"

  • substitute for "worst plausible"

"Out-of-Cycle"

  • substitute for "out-of-band" in document
  • substitute for "out-of-band" in trees and code that produces trees (@j--- )
@laurie-tyz laurie-tyz self-assigned this Sep 9, 2020
@laurie-tyz laurie-tyz added the enhancement New feature or request label Sep 9, 2020
@laurie-tyz laurie-tyz pinned this issue Sep 9, 2020
@laurie-tyz laurie-tyz unpinned this issue Sep 9, 2020
@ahouseholder
Copy link
Contributor

There's room for discussion, but I've been using "system owner" as the stand-in term for the individual or organization that controls the plugged-in boxes and has an interest/skin-in-the-game for the security of the deployed system. System owners might delegate some of those responsibilities to others (patch appliers, sysadmins, security guards, service providers, etc.) but the buck stops at the system owner I think.

@ahouseholder ahouseholder self-assigned this Sep 25, 2020
@ahouseholder
Copy link
Contributor

@laurie-tyz has the lead on this issue.

j--- added a commit that referenced this issue Sep 30, 2020
Partial completion of Issue #5
@j--- j--- linked a pull request Sep 30, 2020 that will close this issue
@j--- j--- removed a link to a pull request Sep 30, 2020
@ahouseholder ahouseholder added this to the SSVC v2 milestone Oct 2, 2020
@ahouseholder ahouseholder linked a pull request Oct 8, 2020 that will close this issue
j--- added a commit that referenced this issue Oct 16, 2020
Issue #5 (Deployer/Supplier) changes
@laurie-tyz
Copy link
Contributor Author

The term 'work item' is gone. Replacement with the use of Work or Work unit.

I will close out this item and begin working on Issue #46

laurie-tyz added a commit that referenced this issue Feb 22, 2021
Merge pull request #93 from laurie-tyz/main
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants