SSVC
FIRST services framework
Service area 3 is about vulnerability triage for PSIRTs https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1
Service area 7.2.2 is about CSIRT vulnerability triage https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1#7-2-Service-Vulnerability-report-intake
SSVC may be in a position to be providing additional detail about these areas. I don't think we're overlapping, but if we are in fact providing additional detail to things listed in the PSIRT and CSIRT services frameworks, we should reach out to FIRST to coordinate and see if they agree and want to link to SSVC documentation for additional detail.
Need to digest the services frameworks in more detail, but I could imagine one way to represent this could be to do a cross-walk table similar to what we did with Vultron and various vulnerability disclosure ISO docs:
- https://certcc.github.io/Vultron/reference/iso_30111_2019/
- https://certcc.github.io/Vultron/reference/iso_29147_2018/
- https://certcc.github.io/Vultron/reference/iso_5895_2022/
Something like this, yes. In this case, I think we also have the opportunity to chat with the FIRST framework authors and get their feedback after we draft it.