You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for all the good work automating things here. It looks like an important project.
Asset significance and vulnerability severity may not be the right concepts for the prioritization decision though. What are your thoughts on using something like SSVC? https://github.com/CERTCC/SSVC
It's mostly conceptual so far, but you've done the hard coding work already, the prioritization decision is a small plug-in that is available there, once the data is collected. What would it take to make the decision a bit more transparent along the lines of SSVC? Would that be worthwhile?
The text was updated successfully, but these errors were encountered:
Thanks for all the good work automating things here. It looks like an important project.
Asset significance and vulnerability severity may not be the right concepts for the prioritization decision though. What are your thoughts on using something like SSVC?
https://github.com/CERTCC/SSVC
It's mostly conceptual so far, but you've done the hard coding work already, the prioritization decision is a small plug-in that is available there, once the data is collected. What would it take to make the decision a bit more transparent along the lines of SSVC? Would that be worthwhile?
The text was updated successfully, but these errors were encountered: