Skip to content

Commit 4e96093

Browse files
CrashedmindCrashedmind
committed
Deployed b9a1147 with MkDocs version: 1.5.3
1 parent 4616edd commit 4e96093

4 files changed

Lines changed: 9 additions & 5 deletions

File tree

print_page/index.html

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5524,8 +5524,10 @@ <h3 id="risk-rbp_schemes-ssvc-decision-trees"><abbr title="SSVC Stakeholder-Spec
55245524
<p>The <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> Base parameters are used instead of <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> scores or ratings.</p>
55255525
<p>Per the <a href="#ssvc-decision_trees_from_scratch"><abbr title="SSVC Stakeholder-Specific Vulnerability Categorization">SSVC</abbr></a> Decision Tree example, the Exploitability and Impact <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> Factors that make up the <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> Base Score are split out separately and used instead of the <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> Base Score.</p>
55265526
<p>This gives more granularity than combining <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> Ratings and Exploitation factors i.e. better <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> Based Prioritization.</p>
5527+
<p>Assigned Score is the main output - based on Exploitation, Automatable, TechnicalImpact Decision Node outputs.
5528+
- <abbr title="SSVC Stakeholder-Specific Vulnerability Categorization">SSVC</abbr> groups Decision Tree ouputs into Priorities - but for granular <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> Based Prioritization, the main output is most relevant.</p>
55275529
<figure>
5528-
<p><img alt="" src="../assets/images/dt_sankey.png" /> </p>
5530+
<p><img alt="" src="../assets/images/ssvc_parcat.png" /> </p>
55295531
<figcaption>SSVC Decision Tree (Dark Red is highest risk: Exploitation-Active, Automatable-Yes, Technical-Impact Total)</figcaption>
55305532
</figure>
55315533
<div class="admonition observations">
@@ -5569,7 +5571,7 @@ <h3 id="risk-rbp_schemes-ssvc-decision-trees"><abbr title="SSVC Stakeholder-Spec
55695571
<tr>
55705572
<td><img alt="" src="../assets/images/cvss_bt_parcat.png" /></td>
55715573
<td><img alt="" src="../assets/images/cvss_exploitation_parcat.png" /></td>
5572-
<td><img alt="" src="../assets/images/dt_sankey.png" /></td>
5574+
<td><img alt="" src="../assets/images/ssvc_parcat.png" /></td>
55735575
</tr>
55745576
<tr>
55755577
<td>The effect of <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> Base &amp; Threat is to move some CVEs down a Rating e.g. some Critical CVEs move to High</td>

risk/Rbp_schemes/index.html

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1609,8 +1609,10 @@ <h3 id="ssvc-decision-trees"><abbr title="SSVC Stakeholder-Specific Vulnerabilit
16091609
<p>The <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> Base parameters are used instead of <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> scores or ratings.</p>
16101610
<p>Per the <a href="../../ssvc/decision_trees_from_scratch/"><abbr title="SSVC Stakeholder-Specific Vulnerability Categorization">SSVC</abbr></a> Decision Tree example, the Exploitability and Impact <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> Factors that make up the <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> Base Score are split out separately and used instead of the <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> Base Score.</p>
16111611
<p>This gives more granularity than combining <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> Ratings and Exploitation factors i.e. better <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> Based Prioritization.</p>
1612+
<p>Assigned Score is the main output - based on Exploitation, Automatable, TechnicalImpact Decision Node outputs.
1613+
- <abbr title="SSVC Stakeholder-Specific Vulnerability Categorization">SSVC</abbr> groups Decision Tree ouputs into Priorities - but for granular <abbr title="The likelihood of a vulnerability being exploited and the potential impact of such an exploit on an organization.">Risk</abbr> Based Prioritization, the main output is most relevant.</p>
16121614
<figure>
1613-
<p><img alt="" src="../../assets/images/dt_sankey.png" /> </p>
1615+
<p><img alt="" src="../../assets/images/ssvc_parcat.png" /> </p>
16141616
<figcaption>SSVC Decision Tree (Dark Red is highest risk: Exploitation-Active, Automatable-Yes, Technical-Impact Total)</figcaption>
16151617
</figure>
16161618
<div class="admonition observations">
@@ -1654,7 +1656,7 @@ <h3 id="ssvc-decision-trees"><abbr title="SSVC Stakeholder-Specific Vulnerabilit
16541656
<tr>
16551657
<td><img alt="" src="../../assets/images/cvss_bt_parcat.png" /></td>
16561658
<td><img alt="" src="../../assets/images/cvss_exploitation_parcat.png" /></td>
1657-
<td><img alt="" src="../../assets/images/dt_sankey.png" /></td>
1659+
<td><img alt="" src="../../assets/images/ssvc_parcat.png" /></td>
16581660
</tr>
16591661
<tr>
16601662
<td>The effect of <abbr title="Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.">CVSS</abbr> Base &amp; Threat is to move some CVEs down a Rating e.g. some Critical CVEs move to High</td>

search/search_index.json

Lines changed: 1 addition & 1 deletion
Large diffs are not rendered by default.

sitemap.xml.gz

0 Bytes
Binary file not shown.

0 commit comments

Comments
 (0)