Thanks for your help on improving our stakeholder-specific vulnerability categorization work. To account for different stakeholder perspectives, we benefit from a diverse group of contributors.
This repository contains both a written document with the English-language spec and some code for automating application of SSVC. Contributions to these two parts of the project look different. We are focusing on getting the English right first, so we know what code to write. Right now we don't have any plans for translations, but if you have interest in that, let us know.
The English text lives in the doc subfolder.
We welcome any issues from anyone in the community, so we can discuss them and improve SSVC. If you have a suggestion, please create an issue.
In general, please create an issue before making a pull request to submit a change, except in the case of fixing a small typo, etc.
Please check that your suggestion does not overlap with existing issues (including closed ones).
In the doc folder, please see the style-guide, crossref-how-to, and reference-how-to for how to keep any suggestions or commits consistently aligned with our style.
The tools for working with SSVC live in the src subfolder.
We have limited tooling at the moment. The expectation is that these will mostly be flexible helper-type scripts and plug-ins. Therefore, interoperability is important.
Where the code implements or directly references some aspect of the English document, please make that linkage explicit. We use config files stored in data to prevent code in src from having fragile dependencies on the English doc.
We would like to minimize manual change management, but at the very least we need to document where changes in the document need to result in changes to code.
Information likely to change based on changes to the English should go in config files to be stored in the data subfolder. Code in the src folder should (as robustly as plausible) be reading that data in.
The process is similar to that for the doc, though the language is different. Please create issues before making pull requests. Pull requests on code should be clear about what they've changed and what you've done. Thanks in advance!
- The license for all code in the repository is here
- The license for all English writing in the repository is here
If you have any questions, a message to j--- should work, or tweet @zmanion or @__adh__.