SSVC
Stakeholder-Specific Vulnerability Categorization
Due to - #376 which added a [list of CWEs](https://github.com/CERTCC/SSVC/blob/main/data/csvs/cwe/possible-cwe-with-poc-examples.csv), the following content should be revised. https://github.com/CERTCC/SSVC/blob/d09330154729a7f0ab55b71bc4635be2e73db5f9/docs/topics/information_sources.md?plain=1#L89-L99 (it's no longer a possible future, we have the list now)
**Describe the bug** Many of the decision point pages have the "Gathering info..." section as a `!!! tip` callout. The following pages have it as a section heading. https://certcc.github.io/SSVC/reference/decision_points/mission_impact/ https://certcc.github.io/SSVC/reference/decision_points/safety_impact/...
**Is your feature request related to a problem? Please describe.** Most of our decision point pages have some text in addition to the bare decision point specification. This is useful...
**Describe the bug** https://certcc.github.io/SSVC/howto/acuity_ramp uses Safety 1.0.0 instead of Safety 2.0.0 **To Reproduce** Steps to reproduce the behavior: 1. Go to https://certcc.github.io/SSVC/howto/acuity_ramp 2. Search in page for `Safety Impact v`...
**Is your feature request related to a problem? Please describe.** The formatting of the CWE `/data/csvs/cwe/possible-cwe-with-poc-examples.csv` file added in #376, when rendered in the static site, looks odd because the...
The discussion in #370 reminded me that ADR-006 contains the following line: > - Multiple versions of decision points will be "live and available for use" by folks modeling decisions...
**Describe the solution you'd like** (based on a suggestion from @laurie-tyz) `/docs/howto/bootstrap/use.md` has a section `Information Changes Over Time`. In it are some suggestions for individual decision points and "polling...
**Describe the solution you'd like** (Based on a suggestion from @laurie-tyz) We have some suggested defaults in `/docs/howto/bootstrap/collect.md`. We can split them out into separate files, then include them back...
See https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string ...which describes:

```
^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)(?:-(?P<prerelease>(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+(?P<buildmetadata>[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
```

We should implement a check at the init time of `ssvc._mixins._Versioned` that verifies this regex and throws an error if it is not...
While resolving #311 in code, #439 focused (appropriately narrowly) on the decision point definitions in the Python. ADH noted there that > Also, I am avoiding updating any additional documentation,...