More space magic fixes in doctools.py
sei-vsarvepalli committed Oct 31, 2024
1 parent 95a1239 commit ce6ba6b
Showing 22 changed files with 104 additions and 104 deletions.
8 changes: 4 additions & 4 deletions docs/_generated/decision_points/automatable_2_0_0.md
@@ -5,10 +5,10 @@

Can an attacker reliably automate creating exploitation events for this vulnerability?

| Value | Definition |
|:-----|:-----------|
| No | Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation. |
| Yes | Attackers can reliably automate steps 1-4 of the kill chain. |
| Value | Definition |
|:-----|:-----------|
| No | Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation. |
| Yes | Attackers can reliably automate steps 1-4 of the kill chain. |

=== "JSON"
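
Review bot: The four removed and four added table rows in this hunk are textually identical as shown, and the file sits under docs/_generated, so the change that needs review is the one in doctools.py named in the commit title. The title "More space magic fixes" does not say which indentation the generator is now expected to emit; stating that in the commit message would let a reader check the 22 regenerated files against it.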

10 changes: 5 additions & 5 deletions docs/_generated/decision_points/exploitation_1_0_0.md
@@ -5,11 +5,11 @@

The present state of exploitation of the vulnerability.

| Value | Definition |
|:-----|:-----------|
| None | There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability. |
| PoC | One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation. |
| Active | Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting. |
| Value | Definition |
|:-----|:-----------|
| None | There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability. |
| PoC | One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation. |
| Active | Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting. |

=== "JSON"

12 changes: 6 additions & 6 deletions docs/_generated/decision_points/human_impact_1_0_0.md
@@ -5,12 +5,12 @@

Human Impact is a combination of Safety and Mission impacts.

| Value | Definition |
|:-----|:-----------|
| Low | Safety=None/Minor, Mission=None/Degraded/Crippled |
| Medium | Safety=None/Minor, Mission=MEF Failure OR Safety=Major, Mission=None/Degraded/Crippled |
| High | Safety=Hazardous, Mission=None/Degraded/Crippled/MEF Failure OR Safety=Major, Mission=MEF Failure |
| Very High | Safety=Catastrophic OR Mission=Mission Failure |
| Value | Definition |
|:-----|:-----------|
| Low | Safety=None/Minor, Mission=None/Degraded/Crippled |
| Medium | Safety=None/Minor, Mission=MEF Failure OR Safety=Major, Mission=None/Degraded/Crippled |
| High | Safety=Hazardous, Mission=None/Degraded/Crippled/MEF Failure OR Safety=Major, Mission=MEF Failure |
| Very High | Safety=Catastrophic OR Mission=Mission Failure |

=== "JSON"
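
Review bot: The Low, Medium and High rows abbreviate Mission values as None/Degraded/Crippled, which are not the value names used by the Mission Impact tables in this same commit (None, Non-Essential Degraded and MEF Support Crippled in 1.0.0; Degraded and MEF Support Crippled, with no None value, in 2.0.0). Since this file is regenerated anyway, consider correcting the definitions at their source to use the exact value names and to state which Mission Impact version they refer to.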

14 changes: 7 additions & 7 deletions docs/_generated/decision_points/mission_impact_1_0_0.md
@@ -5,13 +5,13 @@

Impact on Mission Essential Functions of the Organization

| Value | Definition |
|:-----|:-----------|
| None | Little to no impact |
| Non-Essential Degraded | Degradation of non-essential functions; chronic degradation would eventually harm essential functions |
| MEF Support Crippled | Activities that directly support essential functions are crippled; essential functions continue for a time |
| MEF Failure | Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time |
| Mission Failure | Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails |
| Value | Definition |
|:-----|:-----------|
| None | Little to no impact |
| Non-Essential Degraded | Degradation of non-essential functions; chronic degradation would eventually harm essential functions |
| MEF Support Crippled | Activities that directly support essential functions are crippled; essential functions continue for a time |
| MEF Failure | Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time |
| Mission Failure | Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails |

=== "JSON"
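
Review bot: In the MEF Failure row, "fails for period of time longer than acceptable" is missing an article ("for a period of time"). The same wording appears in mission_impact_2_0_0.md, so the fix belongs in whatever source these generated files are built from, followed by a regeneration, rather than in this file.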

12 changes: 6 additions & 6 deletions docs/_generated/decision_points/mission_impact_2_0_0.md
@@ -5,12 +5,12 @@

Impact on Mission Essential Functions of the Organization

| Value | Definition |
|:-----|:-----------|
| Degraded | Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions |
| MEF Support Crippled | Activities that directly support essential functions are crippled; essential functions continue for a time |
| MEF Failure | Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time |
| Mission Failure | Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails |
| Value | Definition |
|:-----|:-----------|
| Degraded | Little to no impact up to degradation of non-essential functions; chronic degradation would eventually harm essential functions |
| MEF Support Crippled | Activities that directly support essential functions are crippled; essential functions continue for a time |
| MEF Failure | Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time |
| Mission Failure | Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails |

=== "JSON"

8 changes: 4 additions & 4 deletions docs/_generated/decision_points/public_safety_impact_1_0_0.md
@@ -5,10 +5,10 @@

A coarse-grained representation of impact to public safety.

| Value | Definition |
|:-----|:-----------|
| Minimal | Safety impact of None or Minor. |
| Significant | Safety impact of Major, Hazardous, or Catastrophic. |
| Value | Definition |
|:-----|:-----------|
| Minimal | Safety impact of None or Minor. |
| Significant | Safety impact of Major, Hazardous, or Catastrophic. |

=== "JSON"

10 changes: 5 additions & 5 deletions docs/_generated/decision_points/public_value_added_1_0_0.md
@@ -5,11 +5,11 @@

How much value would a publication from the coordinator benefit the broader community?

| Value | Definition |
|:-----|:-----------|
| Precedence | The publication would be the first publicly available, or be coincident with the first publicly available. |
| Ampliative | Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc. |
| Limited | Minimal value added to the existing public information because existing information is already high quality and in multiple outlets. |
| Value | Definition |
|:-----|:-----------|
| Precedence | The publication would be the first publicly available, or be coincident with the first publicly available. |
| Ampliative | Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc. |
| Limited | Minimal value added to the existing public information because existing information is already high quality and in multiple outlets. |

=== "JSON"
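
Review bot: The question on the context line above the table, "How much value would a publication from the coordinator benefit the broader community?", does not parse, because "how much value" and "benefit" collide. Wording such as "How much value would a publication from the coordinator add for the broader community?" would match the Precedence, Ampliative and Limited definitions below it.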

8 changes: 4 additions & 4 deletions docs/_generated/decision_points/report_credibility_1_0_0.md
@@ -5,10 +5,10 @@

Is the report credible?

| Value | Definition |
|:-----|:-----------|
| Credible | The report is credible. |
| Not Credible | The report is not credible. |
| Value | Definition |
|:-----|:-----------|
| Credible | The report is credible. |
| Not Credible | The report is not credible. |

=== "JSON"
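
Review bot: Both definitions in this table only restate their value ("The report is credible." and "The report is not credible.") and give the reader no criteria for choosing between them. If the criteria are documented elsewhere, a pointer in the Definition column would make this generated page usable on its own.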

8 changes: 4 additions & 4 deletions docs/_generated/decision_points/report_public_1_0_0.md
@@ -5,10 +5,10 @@

Is a viable report of the details of the vulnerability already publicly available?

| Value | Definition |
|:-----|:-----------|
| No | No public report of the vulnerability exists. |
| Yes | A public report of the vulnerability exists. |
| Value | Definition |
|:-----|:-----------|
| No | No public report of the vulnerability exists. |
| Yes | A public report of the vulnerability exists. |

=== "JSON"

14 changes: 7 additions & 7 deletions docs/_generated/decision_points/safety_impact_1_0_0.md
@@ -5,13 +5,13 @@

The safety impact of the vulnerability.

| Value | Definition |
|:-----|:-----------|
| None | The effect is below the threshold for all aspects described in Minor. |
| Minor | Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons. |
| Major | Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people. |
| Hazardous | Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A. |
| Catastrophic | Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A. |
| Value | Definition |
|:-----|:-----------|
| None | The effect is below the threshold for all aspects described in Minor. |
| Minor | Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons. |
| Major | Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people. |
| Hazardous | Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A. |
| Catastrophic | Any one or more of these conditions hold. Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A. |

=== "JSON"
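
Review bot: In the Minor row, "Financial Financial losses, which are not readily absorbable" is missing the colon after the category label; every other category in this table is written with one ("Financial:", "Psychological:" and so on). The regenerated row carries the typo over unchanged, so correct it in the source definition and regenerate.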

8 changes: 4 additions & 4 deletions docs/_generated/decision_points/supplier_cardinality_1_0_0.md
@@ -5,10 +5,10 @@

How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?

| Value | Definition |
|:-----|:-----------|
| One | There is only one supplier of the vulnerable component. |
| Multiple | There are multiple suppliers of the vulnerable component. |
| Value | Definition |
|:-----|:-----------|
| One | There is only one supplier of the vulnerable component. |
| Multiple | There are multiple suppliers of the vulnerable component. |

=== "JSON"

8 changes: 4 additions & 4 deletions docs/_generated/decision_points/supplier_contacted_1_0_0.md
@@ -5,10 +5,10 @@

Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?

| Value | Definition |
|:-----|:-----------|
| No | The supplier has not been contacted. |
| Yes | The supplier has been contacted. |
| Value | Definition |
|:-----|:-----------|
| No | The supplier has not been contacted. |
| Yes | The supplier has been contacted. |

=== "JSON"

8 changes: 4 additions & 4 deletions docs/_generated/decision_points/supplier_engagement_1_0_0.md
@@ -5,10 +5,10 @@

Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?

| Value | Definition |
|:-----|:-----------|
| Active | The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort. |
| Unresponsive | The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort. |
| Value | Definition |
|:-----|:-----------|
| Active | The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort. |
| Unresponsive | The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort. |

=== "JSON"

10 changes: 5 additions & 5 deletions docs/_generated/decision_points/supplier_involvement_1_0_0.md
@@ -5,11 +5,11 @@

What is the state of the supplier’s work on addressing the vulnerability?

| Value | Definition |
|:-----|:-----------|
| Fix Ready | The supplier has provided a patch or fix. |
| Cooperative | The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time. |
| Uncooperative/Unresponsive | The supplier has not responded, declined to generate a remediation, or no longer exists. |
| Value | Definition |
|:-----|:-----------|
| Fix Ready | The supplier has provided a patch or fix. |
| Cooperative | The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time. |
| Uncooperative/Unresponsive | The supplier has not responded, declined to generate a remediation, or no longer exists. |

=== "JSON"
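
Review bot: In the Cooperative row, "in the mean time" should be "in the meantime". As with the other generated tables in this commit, the wording is regenerated unchanged, so the correction needs to go into the source definition.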
