SSVC #871
base: editor-revision-2025-02-26
tschmidtb51
commented
Feb 20, 2025
- addresses parts of Include support for SSVC #803
- add SSVC decision point value selection 1.0.1 to schema
- add SSVC decision point value selection 1.0.1 file into referenced schemas
- adapt test scripts
- add SSVC link in informative references
- mention SSVC in design consideration principles
- add SSVC to metrics section
- add SSVC to guidance on size
- add conversion rule
- add mandatory test 6.1.43 to detect inconsistent SSVC IDs
- add SSVC schema to testscript for test data
- add mandatory test 6.1.44 for SSVC
- add mandatory test 6.1.45 for SSVC Decision Point Namespace
- add informative test 6.3.13 for Non-Latest SSVC decision point version
- add optional test 6.2.33 for unknown SSVC namespaces
- add optional test 6.2.34 for unknown SSVC roles
- add invalid examples
- add valid examples
- addresses parts of oasis-tcs#803 - add SSVC decision point value selection 1.0.1 to schema - add SSVC decision point value selection 1.0.1 file into referenced schemas - adapt test scripts
- addresses parts of oasis-tcs#803 - add SSVC link in informative references - mention SSVC in design consideration principles - add SSVC to metrics section
- addresses parts of oasis-tcs#803 - update SSVC key in schema to align with CVSS
- addresses parts of oasis-tcs#803 - update referenced SSVC schema to reflect change from CERTCC/SSVC#654 - reformat JSON schema
- addresses parts of oasis-tcs#803 - update referenced SSVC schema
- addresses parts of oasis-tcs#803 - add SSVC to guidance on size
…to ssvc - resolve conflict in guidance-on-size.md by correct sorting
- addresses parts of oasis-tcs#803 - update link as indicated by CERT/CC
- addresses parts of oasis-tcs#803 - add conversion rule
- addresses parts of oasis-tcs#803 - add mandatory test 6.1.43 to detect inconsistent SSVC IDs - add invalid examples - add valid examples
- addresses parts of oasis-tcs#803 - add SSVC schema to testscript for test data
- addresses parts of oasis-tcs#803 - add mandatory test 6.1.44 for SSVC - add invalid examples - add valid examples
- addresses parts of oasis-tcs#803 - correct that 6.1.43 and 6.1.44 just have a single relevant path, not multiple
- addresses parts of oasis-tcs#803 - add mandatory test 6.1.45 for SSVC Decision Point Namespace - add invalid examples - add valid examples
- addresses parts of oasis-tcs#803 - add informative test 6.3.13 for Non-Latest SSVC decision point version - add invalid example - add valid example
- addresses parts of oasis-tcs#803 - add optional test 6.2.33 for unknown SSVC namespaces - add invalid example - add valid example
- addresses parts of oasis-tcs#803 - improve wording by using registered namespaces instead of reserved
- addresses parts of oasis-tcs#803 - add optional test 6.2.34 for unknown SSVC roles - add invalid example - add valid example
- addresses parts of oasis-tcs#803 - update with latest developments from SSVC
@sei-vsarvepalli Please review (especially the examples)
This is in draft mode as we need to wait for the changes from CERTCC/SSVC#704
Mostly reviewed and run locally to verify CSAF test with what we hope to produce as well. Will need to look at updating the schema JSON file ./csaf_2.1/referenced_schema/certcc/Decision_Point_Value_Selection-1-0-1.schema.json according to what will be published as non-breaking changes to the schema in https://certcc.github.io/SSVC/data/schema/v1/ location.
* Classification for Document Distribution | ||
* Traffic Light Protocol (TLP) | ||
* Default Definition: https://www.first.org/tlp/ | ||
* Vulnerability Classification |
Can we move this down, so that we have some loose ordering and grouping like:
- Classification for Document Distribution
- Platform Data
- Vulnerability Categorization
- Vulnerability Classification
- Vulnerability Scoring
... and drop colons where only some same level entries have them or complete (my take is always to not have trailing punctuation when using these 2 dimensional lists engineers love soooo much :-)
Done in 674e64d
- addresses review comment from oasis-tcs#871 - unify formatting - sort list lexicographically
Open ToDos:
LGTM already.