Vijay Sarvepalli

icon indicating a website link http://www.sei.cmu.edu/

icon company @cmu-sei icon location Washington, DC icon location Enterprise Architect with background in software architecture extending to systems, network and security.

Results 83 comments of Vijay Sarvepalli

Consider support multiple value-selections via a “Selection Set” JSON schema

> [@sei-vsarvepalli](https://github.com/sei-vsarvepalli) We can already express the following, which I would interpret as "all four CVE IDs listed are `ssvc:A:2.0.0=Y`". > > { > "timestamp": "2025-08-27T14:15:41.062106", > "schemaVersion": "2.0.0", >...

Consider support multiple value-selections via a “Selection Set” JSON schema

As a solution I am considering a "SSVC Report" schema that will have the following objects. Just capturing it while I remember! evaluations : list(SelectionList) contacts: Points of Contact (Emails,...

automate pypi release of certcc-ssvc package.

Currently use git tagging is `git tag $(date +%Y.%-m.%-d%H%M)` - just for the workflow notes.

Feature/issue 576

> Following up on [this comment](https://github.com/CERTCC/SSVC/pull/588#discussion_r1655428766) and expanding on [this comment](https://github.com/CERTCC/SSVC/issues/576#issuecomment-2189231325) from #576: > > It seems like we need the list of chosen items to include more specificity about...

Feature/issue 576

Some more issues to be concerned about - Depends on #454 - Outcome groups should be a schema perhaps ? #589 - Small bug src/ssvc/policy_generator.py PolicyGenerator sample fix AUTOMATABLE_1 to...

Feature/issue 576

The example https://github.com/CERTCC/SSVC/blob/7d5aadf71fec2f388f483d50856ab5384a665c8f/data/schema_examples/Decision_Point_Group_Selection.json does not have an identifier such as a CVE or VU# or GHSA etc. This needs to be discussed further too..

Some decision points missing in data/json/ folder

related the file `data/json/decision_points/cvss/availability_impact_2_0_1.json` should actually be `data/json/decision_points/cvss/availability_impact_3_0_0.json` according to the code in https://github.com/CERTCC/SSVC/blob/8887a136b7f7f6c5f6862a1f3dbbb7ecf1ba50a8/src/ssvc/decision_points/cvss/availability_impact.py#L117-L134

Some decision points missing in data/json/ folder

Same with `data/json/decision_points/cvss/confidentiality_impact_2_0_1.json` should be `data/json/decision_points/cvss/confidentiality_impact_3_0_0.json` according to https://github.com/CERTCC/SSVC/blob/8887a136b7f7f6c5f6862a1f3dbbb7ecf1ba50a8/src/ssvc/decision_points/cvss/confidentiality_impact.py#L125-L145 Same with `data/json/decision_points/cvss/integrity_impact_2_0_1.json` should be `data/json/decision_points/cvss/integrity_impact_3_0_0.json` according to https://github.com/CERTCC/SSVC/blob/8887a136b7f7f6c5f6862a1f3dbbb7ecf1ba50a8/src/ssvc/decision_points/cvss/integrity_impact.py#L116-L129

Clarify or add support for Outcome in the Selection Schema

To be clear, it is possible in the current Selection schema (2.0.0) to also provide Outcome, as practically such an outcome is also a decision point as well in its...

Clarify or add support for Outcome in the Selection Schema

Follow CSAF https://github.com/oasis-tcs/csaf/issues/1086 also as potential impacted with this.