Merge pull request CERTCC#59 from ahouseholder/feature/fix_3

Fix for #3
ahouseholder · Nov 3, 2020 · 25a4d3c · 25a4d3c
2 parents 9134e1b + 367149e
commit 25a4d3c
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/doc/version_1/045_treesForVulMgmt_3.md b/doc/version_1/045_treesForVulMgmt_3.md
@@ -231,6 +231,15 @@ Because of this higher sensitivity to safety concerns, we chose to retain a four
 | Hazardous       | High                      | High        | Very High |
 | Catastrophic    | Very High                 | Very High   | Very High |
 
+#### Adapting Situated Safety / Mission Impact for Sector-Specific Scenarios
+
+We expect to encounter diversity in both safety and mission impacts across different organizations. However, we also anticipate a degree of commonality of impacts to arise across organizations within a given industry sector. For example, different industry sectors may have different use cases for the same software. 
+Therefore, vulnerability information providers -- that is, vulnerability databases, Information Sharing and Analysis Organizations (ISAOs), or Information Sharing and Analysis Centers (ISACs) -- may provide SSVC information tailored as appropriate to their constituency's safety and mission concerns. 
+For considerations on how organizations might communicate SSVC information to their constituents, see [#pilot-results]. 
+<!-- The xref to where information communication is discussed will need to be updated later, but this is the correct v1 xref-->
+<!-- Are vul threat intel feed providers ISAOs? If not, they are also in the "vul info providers" being referred to here -->
+
+
 ### System Exposure (Deployer)
 > The Accessible Attack Surface of the Affected System or Service