SSVC icon indicating copy to clipboard operation
SSVC copied to clipboard

Published 20 hours ago verified publisher icon CERTCC

Model CVSSv4 macrovectors as an SSVC tree

Open ahouseholder opened this issue 1 year ago • 3 comments

CVSS v4 uses the concept of macrovectors. I'm not going to explain that here, check out the CVSS v4 spec for that.

It might be interesting to use SSVC to construct a model of CVSSv4 macrovectors -> CVSSv4 categories (Low, Medium, High, Critical) for demonstration purposes.

ahouseholder avatar Oct 02 '23 19:10 ahouseholder

Here is the JSON representation of the CVSSv4 as a Decision Tree - we can save it for later. CVSS_v4_as_Tree_json.txt

sei-vsarvepalli avatar Oct 02 '23 20:10 sei-vsarvepalli

We definitely arranged the equivalency sets in a decision tree. However, the process for community voting on assigning relative ranking (and therefore the labels 0.1 to 10.0) is probably more interesting than the fact that the equivalence sets are arranged into a decision tree.

Is there anything else to do for this? I don't see any further concrete value add.

j--- avatar Oct 11 '23 22:10 j---

Is there anything else to do for this? I don't see any further concrete value add.

Yeah, I want this to exist in python because I want to be able to do things with it like use some of the other tooling I'm building on it.

ahouseholder avatar Oct 19 '23 18:10 ahouseholder