jayjacobs

(one of the creators and co-chair of EPSS SIG here) - **Non-CVE**: EPSS is 100% data driven and trained on vulnerabilities with a CVE. While we are always looking for...

I think the value of adding EPSS into the OSV record is that removes a second step for the consumer. They wouldn't have to go look it up on their...

Feel free to toss me on the next available slot or when ever convenient. I'll talk about EPSS and general vulnerability intel data collection functions I've been building.

I opened a related issue in SSVC, fixing this would make it much easier to parse into structured data. Plus, If I'm reading the [SSVC schema](https://github.com/CERTCC/SSVC/blob/main/data/schema/SSVC_Computed.schema.json) correctly, the `options` is...

What @jgamblin said. The CSV is the best way to download all of the scores with a single call and the API hosted by FIRST actually grabs that file to...

This was discussed in the AWG on 2024-10-23 and requested that use cases be added. - The primary use case for having a clear (and preferably historical) connection between the...

Additionally, the "datePublished" field which should be set internally has 3 different formats:  It looks like the difference is that `YYYY-MM-DDThh:mm:ss` is used when the time is set to...

My recommendation/ask is to convert all date/time fields to be explicitly in the `YYYY-MM-DDThh:mm:ssZ` format. In other words, convert everything to UTC time and adjust if a different time zone...

Open issues for related teams (the cve-services already had a very similar issue opened, so pushing that one forward). CVE Services: https://github.com/CVEProject/cve-services/issues/1274 QWG issue: https://github.com/CVEProject/cve-schema/issues/353

First, I do not understand the need for these to be an ordered list. The "decision tree" in SSVC is simply for visualizing. The ordering of variables will never change...