Skip to content

Prioritization method #2

Description

@j---

Thanks for all the good work automating things here. It looks like an important project.
Asset significance and vulnerability severity may not be the right concepts for the prioritization decision though. What are your thoughts on using something like SSVC?
https://github.com/CERTCC/SSVC

It's mostly conceptual so far, but you've done the hard coding work already, the prioritization decision is a small plug-in that is available there, once the data is collected. What would it take to make the decision a bit more transparent along the lines of SSVC? Would that be worthwhile?

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions