Deployed 66992f2 with MkDocs version: 1.5.3

Author: Crashedmind

introduction/Introduction/index.html

@@ -403,6 +403,15 @@
     </span>
   </a>
 
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#who-contributed-to-this-guide" class="md-nav__link">
+    <span class="md-ellipsis">
+      Who Contributed to This Guide
+    </span>
+  </a>
+  
 </li>
 
         <li class="md-nav__item">
@@ -433,18 +442,18 @@
 </li>
 
         <li class="md-nav__item">
-  <a href="#notes" class="md-nav__link">
+  <a href="#alternative-or-additional-guidance" class="md-nav__link">
     <span class="md-ellipsis">
-      Notes
+      Alternative or Additional Guidance
     </span>
   </a>
 
 </li>
 
         <li class="md-nav__item">
-  <a href="#alternative-or-additional-guidance" class="md-nav__link">
+  <a href="#notes" class="md-nav__link">
     <span class="md-ellipsis">
-      Alternative or Additional Guidance
+      Notes
     </span>
   </a>
 
@@ -1371,6 +1380,15 @@
     </span>
   </a>
 
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#who-contributed-to-this-guide" class="md-nav__link">
+    <span class="md-ellipsis">
+      Who Contributed to This Guide
+    </span>
+  </a>
+  
 </li>
 
         <li class="md-nav__item">
@@ -1401,18 +1419,18 @@
 </li>
 
         <li class="md-nav__item">
-  <a href="#notes" class="md-nav__link">
+  <a href="#alternative-or-additional-guidance" class="md-nav__link">
     <span class="md-ellipsis">
-      Notes
+      Alternative or Additional Guidance
     </span>
   </a>
 
 </li>
 
         <li class="md-nav__item">
-  <a href="#alternative-or-additional-guidance" class="md-nav__link">
+  <a href="#notes" class="md-nav__link">
     <span class="md-ellipsis">
-      Alternative or Additional Guidance
+      Notes
     </span>
   </a>
 
@@ -1510,6 +1528,12 @@ <h2 id="how-to-use-this-guide">How to Use This Guide<a class="headerlink" href="
 </ol>
 <p>Each of the <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> Based Prioritization Models above use similar risk factors (known exploitation and likelihood of exploitation, with variants of <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> base metrics parameters or scores) but in very different ways to rank/score the risk/priority. The outcome is the same - a much more granular prioritization at the high end of risk than offered by <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr>.</p>
 <p>If you're looking for the "easy button", or the one scheme to rule them all for <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> Based Prioritization, you won't find it (here or anywhere else).</p>
+<h2 id="who-contributed-to-this-guide">Who Contributed to This Guide<a class="headerlink" href="#who-contributed-to-this-guide" title="Permanent link">&para;</a></h2>
+<p>Various experts and thought leaders <a href="../contributors/">contributed to this guide</a>, including those that:</p>
+<ul>
+<li>developed the standards or solutions described in this guide as used in industry</li>
+<li>have many years of experience in vulnerability management across various <a href="../../requirements/Requirements/#personas">roles</a></li>
+</ul>
 <h2 id="how-to-contribute-to-this-guide">How to Contribute to This Guide<a class="headerlink" href="#how-to-contribute-to-this-guide" title="Permanent link">&para;</a></h2>
 <p>You can contribute content or suggest changes:</p>
 <ul>
@@ -1537,26 +1561,25 @@ <h2 id="source-code">Source Code<a class="headerlink" href="#source-code" title=
 </li>
 <li>This code is licensed under the Apache 2 Open Source License.</li>
 </ol>
+<h2 id="alternative-or-additional-guidance">Alternative or Additional Guidance<a class="headerlink" href="#alternative-or-additional-guidance" title="Permanent link">&para;</a></h2>
+<p>This guide is not an introductory or verbose treatment of topics with broader or background context. For that, consider the following (no affiliation to the authors): </p>
+<ul>
+<li><a href="https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207">Effective Vulnerability Management: Managing <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> in the Vulnerable Digital Ecosystem</a> </li>
+<li><a href="https://www.amazon.com/Software-Transparency-Security-Software-Driven-Society/dp/1394158483/">Software Transparency: Supply Chain Security in an Era of a Software-Driven Society</a></li>
+<li><a href="https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706">Software Supply Chain Security: Securing the End-to-end Supply Chain for Software, Firmware, and Hardware</a></li>
+</ul>
 <h2 id="notes">Notes<a class="headerlink" href="#notes" title="Permanent link">&para;</a></h2>
+<div class="admonition notes">
+<p class="admonition-title">Notes</p>
 <ol>
-<li>
-<p>This guide is not affiliated with any Tool/Company/Vendor/Standard/Forum/Data source. </p>
-<ol>
-<li>Mention of a vendor in this guide is not a recommendation or endorsement of that vendor. <ol>
-<li>The choice of vendors was determined by different contributors who had an interest in that vendor.</li>
-</ol>
-</li>
+<li>This guide is not affiliated with any Tool/Company/Vendor/Standard/Forum/Data source. <ol>
+<li>Mention of a vendor in this guide is not a recommendation or endorsement of that vendor. 
+        1. The choice of vendors was determined by different contributors who had an interest in that vendor.</li>
 </ol>
 </li>
-<li>
-<p>This guide is a living document i.e. it will change and grow over time - with your input.</p>
-</li>
+<li>This guide is a living document i.e. it will change and grow over time - with your input.</li>
 </ol>
-<h2 id="alternative-or-additional-guidance">Alternative or Additional Guidance<a class="headerlink" href="#alternative-or-additional-guidance" title="Permanent link">&para;</a></h2>
-<p>This guide is not a verbose treatment of topics with broader or background context. For that, consider the following (no affiliation to the author): </p>
-<ul>
-<li><a href="https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207">Effective Vulnerability Management: Managing <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> in the Vulnerable Digital Ecosystem</a> </li>
-</ul>
+</div>
 
 
 

introduction/contributors/index.html

@@ -1336,7 +1336,12 @@ <h2 id="chris-madden">Chris Madden<a class="headerlink" href="#chris-madden" tit
 <p>A large part of that was to be able to prioritize vulnerabilities by Real <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr>. </p>
 <p>Lots of dumb questions and data analysis later, this guide represents the distillation of that knowledge into a user-centric system view - what I wish I knew before I started - and learnt by interacting with other users, standards groups, and tool vendors. </p>
 <p>There's a friendly vibrant community in this space - many of whom have contributed to this guide.</p>
-<p>Special thanks to my colleague Lisa for the expert input, keeping all this real, and tolerating more dumb questions than any human should endure in one lifetime!</p>
+<p><img alt="🙏" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/1f64f.svg" title=":pray:" /> Special thanks to</p>
+<ol>
+<li>My family <img alt="❤" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/2764.svg" title=":heart:" /> </li>
+<li>My employer Yahoo for cultivating such a rich environment for people to thrive.</li>
+<li>My colleague Lisa for the expert input, keeping all this real, and tolerating more dumb questions than any human should endure in one lifetime!</li>
+</ol>
 
 
 

print_page/index.html

@@ -1602,6 +1602,12 @@ <h2 id="introduction-introduction-how-to-use-this-guide">How to Use This Guide<a
 </ol>
 <p>Each of the <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> Based Prioritization Models above use similar risk factors (known exploitation and likelihood of exploitation, with variants of <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> base metrics parameters or scores) but in very different ways to rank/score the risk/priority. The outcome is the same - a much more granular prioritization at the high end of risk than offered by <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr>.</p>
 <p>If you're looking for the "easy button", or the one scheme to rule them all for <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> Based Prioritization, you won't find it (here or anywhere else).</p>
+<h2 id="introduction-introduction-who-contributed-to-this-guide">Who Contributed to This Guide<a class="headerlink" href="#introduction-introduction-who-contributed-to-this-guide" title="Permanent link">&para;</a></h2>
+<p>Various experts and thought leaders <a href="#introduction-contributors">contributed to this guide</a>, including those that:</p>
+<ul>
+<li>developed the standards or solutions described in this guide as used in industry</li>
+<li>have many years of experience in vulnerability management across various <a href="#requirements-requirements-personas">roles</a></li>
+</ul>
 <h2 id="introduction-introduction-how-to-contribute-to-this-guide">How to Contribute to This Guide<a class="headerlink" href="#introduction-introduction-how-to-contribute-to-this-guide" title="Permanent link">&para;</a></h2>
 <p>You can contribute content or suggest changes:</p>
 <ul>
@@ -1629,26 +1635,25 @@ <h2 id="introduction-introduction-source-code">Source Code<a class="headerlink"
 </li>
 <li>This code is licensed under the Apache 2 Open Source License.</li>
 </ol>
+<h2 id="introduction-introduction-alternative-or-additional-guidance">Alternative or Additional Guidance<a class="headerlink" href="#introduction-introduction-alternative-or-additional-guidance" title="Permanent link">&para;</a></h2>
+<p>This guide is not an introductory or verbose treatment of topics with broader or background context. For that, consider the following (no affiliation to the authors): </p>
+<ul>
+<li><a href="https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207">Effective Vulnerability Management: Managing <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> in the Vulnerable Digital Ecosystem</a> </li>
+<li><a href="https://www.amazon.com/Software-Transparency-Security-Software-Driven-Society/dp/1394158483/">Software Transparency: Supply Chain Security in an Era of a Software-Driven Society</a></li>
+<li><a href="https://www.amazon.com/Software-Supply-Chain-Security-End/dp/1098133706">Software Supply Chain Security: Securing the End-to-end Supply Chain for Software, Firmware, and Hardware</a></li>
+</ul>
 <h2 id="introduction-introduction-notes">Notes<a class="headerlink" href="#introduction-introduction-notes" title="Permanent link">&para;</a></h2>
+<div class="admonition notes">
+<p class="admonition-title">Notes</p>
 <ol>
-<li>
-<p>This guide is not affiliated with any Tool/Company/Vendor/Standard/Forum/Data source. </p>
-<ol>
-<li>Mention of a vendor in this guide is not a recommendation or endorsement of that vendor. <ol>
-<li>The choice of vendors was determined by different contributors who had an interest in that vendor.</li>
+<li>This guide is not affiliated with any Tool/Company/Vendor/Standard/Forum/Data source. <ol>
+<li>Mention of a vendor in this guide is not a recommendation or endorsement of that vendor. 
+        1. The choice of vendors was determined by different contributors who had an interest in that vendor.</li>
 </ol>
 </li>
+<li>This guide is a living document i.e. it will change and grow over time - with your input.</li>
 </ol>
-</li>
-<li>
-<p>This guide is a living document i.e. it will change and grow over time - with your input.</p>
-</li>
-</ol>
-<h2 id="introduction-introduction-alternative-or-additional-guidance">Alternative or Additional Guidance<a class="headerlink" href="#introduction-introduction-alternative-or-additional-guidance" title="Permanent link">&para;</a></h2>
-<p>This guide is not a verbose treatment of topics with broader or background context. For that, consider the following (no affiliation to the author): </p>
-<ul>
-<li><a href="https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207">Effective Vulnerability Management: Managing <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> in the Vulnerable Digital Ecosystem</a> </li>
-</ul></section><section class="print-page" id="introduction-contributors"><h1 id="introduction-contributors-contributors">Contributors<a class="headerlink" href="#introduction-contributors-contributors" title="Permanent link">&para;</a></h1>
+</div></section><section class="print-page" id="introduction-contributors"><h1 id="introduction-contributors-contributors">Contributors<a class="headerlink" href="#introduction-contributors-contributors" title="Permanent link">&para;</a></h1>
 <p>Thanks to all who contributed! <img alt="🙏" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/1f64f.svg" title=":pray:" /></p>
 <p>Many experts volunteered their time and knowledge to this guide - and for that
 we all benefit and we're truly grateful!</p>
@@ -1677,7 +1682,12 @@ <h2 id="introduction-contributors-chris-madden">Chris Madden<a class="headerlink
 <p>A large part of that was to be able to prioritize vulnerabilities by Real <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr>. </p>
 <p>Lots of dumb questions and data analysis later, this guide represents the distillation of that knowledge into a user-centric system view - what I wish I knew before I started - and learnt by interacting with other users, standards groups, and tool vendors. </p>
 <p>There's a friendly vibrant community in this space - many of whom have contributed to this guide.</p>
-<p>Special thanks to my colleague Lisa for the expert input, keeping all this real, and tolerating more dumb questions than any human should endure in one lifetime!</p></section><section class="print-page" id="introduction-scope"><h1 id="introduction-scope-scope">Scope<a class="headerlink" href="#introduction-scope-scope" title="Permanent link">&para;</a></h1>
+<p><img alt="🙏" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/1f64f.svg" title=":pray:" /> Special thanks to</p>
+<ol>
+<li>My family <img alt="❤" class="twemoji" src="https://cdn.jsdelivr.net/gh/jdecked/twemoji@15.0.3/assets/svg/2764.svg" title=":heart:" /> </li>
+<li>My employer Yahoo for cultivating such a rich environment for people to thrive.</li>
+<li>My colleague Lisa for the expert input, keeping all this real, and tolerating more dumb questions than any human should endure in one lifetime!</li>
+</ol></section><section class="print-page" id="introduction-scope"><h1 id="introduction-scope-scope">Scope<a class="headerlink" href="#introduction-scope-scope" title="Permanent link">&para;</a></h1>
 <div class="admonition abstract">
 <p class="admonition-title">Scope of this Guide</p>
 <p>The scope for this guide is </p>