Product Security Requirements Fields

[devsecopsale]

Is your feature request related to a problem? Please describe It would will useful to have security requirements (i.e. Confidentiality, Integrity, Availability) recorded in each product. That could be used in different ways such as:

• reporting
• CVSS score calculation
• findings severity calculation

Describe the solution you'd like Among product fields, a security requirements section could be added so requirements are recorded with their values (e.g. Very High, High, Medium, Low)

Describe alternatives you've considered NA

Additional context By having those fields by default, it opens the door to automate CVSS calculation on other severity related tasks.