SSVC
SSVC copied to clipboard
CERTCC
Stakeholder-Specific Vulnerability Categorization
**Describe the bug** This may be resolved by automatic generation of decision points json as well as the outcome groups json from #739 , but at this time the following...
@tschmidtb51 suggested this in a comment on #703: > I'm currently implementing SSVC in CSAF. My suggestion is to have a registry of namespaces. The registry should contain the `namespace`...
**Is your feature request related to a problem? Please describe.** Our documentation has the concept of [Compound Decision Points](https://vuls.cert.org/SSVC/reference/decision_points/compound_decision_points/). Now that I'm working on a _Decision Table_ class in #592,...
This is intended to be dealt after #749 is merged. We currently have things in the decision point directories in both the data and python folders organized where the "ssvc"...
**Is your feature request related to a problem? Please describe.** CISA's adoption of SSVC resulted in their own customized outcome set that they use internally. However, some of the terminology...
**Is your feature request related to a problem? Please describe.** SSVC has no native decision points to support categorization of systems by security requirement levels. **Describe the solution you'd like**...
**Is your feature request related to a problem? Please describe.** The Exploitation decision point covers three observable states: None, Public PoC, and Active. However, we have received feedback that time...
**Is your feature request related to a problem? Please describe.** Patch deployment is rarely a one-shot event in a network of any significant size. "Percentage of Systems Patched" is a...
**Is your feature request related to a problem? Please describe.** Some organizations consider the nature of their monitoring and defenses as a factor in their vulnerability management processes. Salient features...
**Is your feature request related to a problem? Please describe.** Using the word "policy" to describe the mapping of a combination of decision point values to an outcome set might...