Section for changelog based on closed issues #139

Merged
merged 2 commits into from
Mar 31, 2021

Collaborator

@j--- j--- commented Mar 29, 2021

fixes #122

@j--- j--- added this to the SSVC v2 milestone Mar 29, 2021
@j--- j--- self-assigned this Mar 29, 2021
Contributor

@ahouseholder ahouseholder left a comment

Proposed changes look fine to me.

Contributor

@laurie-tyz laurie-tyz left a comment

It seems like more sections/ideas have been added to version 2 vs version 1. Should this section itemize the changes? No, but should one or two more be highlighted? Maybe.

These terms in v2 better reflect the stakeholder's relationship to the vulnerable component and also help keep clear that SSVC is about prioritization of work items in vulnerability management, not just patches.
We have also generally removed the word patch and instead use the more general "remediation" for a complete fix and "mitigation" for actions that reduce risk but do not remove a vulnerability from a system.
"Virulence" was renamed [*Automatable*](#automatable) in a effort to be more direct and clear, rather than relying on an epidemiology metaphor.
Based on feedback from Sounil Yu, we changed "out-of-band" to [**out-of-cycle**](#enumerating-vulnerability-management-actions).
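Review bot: On the "Virulence" line, "in a effort" should read "in an effort". On the same two lines, the link to Automatable is italic while the link to out-of-cycle is bold; if that distinction is deliberate, a short note on the convention near the top of the section would help readers, otherwise use one style for both.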
Contributor

No problem giving direct credit, but are we somewhat consistent about this?

Collaborator Author

Good point. It looks like the acknowledgements didn't get converted; I'll reintroduce those and make sure they're updated.

Contributor

zmanion commented Mar 30, 2021

See a few minor comments in my review; they do not block.

@zmanion zmanion closed this Mar 30, 2021
@zmanion zmanion reopened this Mar 30, 2021
@j--- j--- merged commit 88fe255 into CERTCC:main Mar 31, 2021
@j--- j--- deleted the changelog branch March 5, 2024 16:53
Development

Successfully merging this pull request may close these issues.

Summarize changes from v1 in v2 doc
4 participants