wg-vulnerability-disclosures Specification: OpenSSF Compliant Automated Vulnerability Fix Campaign

Specification: OpenSSF Compliant Automated Vulnerability Fix Campaign

Open JLLeitschuh opened this issue 1 year ago • 1 comments

The following proposed specification is up for review:

https://docs.google.com/document/d/1_QwN7yQXWGM2tJaostIRNqyZIhVceVlIyXqCrSdC4E8

Mar 03 '23 14:03 JLLeitschuh

Have been working on an aligned RFC (still WIP) over here: https://github.com/ietf-scitt/use-cases/pull/18

Seems like transparency services will be where we log the end assessment of is vuln/is not vuln

References
- 2022-07-20 Identifying Security Threats WG
- https://github.com/ossf/s2c2f/blob/main/specification/framework.md#appendix-relation-to-scitt

Mar 20 '23 21:03 johnandersen777