Dennis Clark comments

Results 108 comments of


                                            Dennis Clark

The Severity table in the Vulnerability UI would benefit from some explanation

per @mjherzog "I suspect the best we can do in the short term is to normalize the available security scores by source - in the example above there are 3...

The Severity table in the Vulnerability UI would benefit from some explanation

alternate approach would be to compute a Range rather than an average.

The Severity table in the Vulnerability UI would benefit from some explanation

please keep the fractions and display them in the severity range

The Severity table in the Vulnerability UI would benefit from some explanation

See issue #1187 . closing this one.

Add Exploit Prediction Scoring System (EPSS) scores

See this page for additional info: https://www.first.org/epss/api

Governance

Regarding a spec license, I think that the Community-Spec-1.0 license would be quite suitable. See https://scancode-licensedb.aboutcode.org/csl-1.0.html

Enhance the VCIO UI to make use of all available screen space

Think about both the height and width available on the screen, and consider pagination as well.

Enhance the VCIO UI to make use of all available screen space

this becomes more important when we have more data to display in the UI.

VCIO: Collect CISA Known Exploited Vulnerabilities

A question came up about the meaning or significance of the "dueDate" field in the schema at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities_schema.json which states that it is a required field, but the only description...

VCIO: Collect CISA Known Exploited Vulnerabilities

The TLA `KEV` is used on the CISA website to refer to `Known Exploited Vulnerabilities`