UNPKG

ssvc

Version:

TypeScript implementation of SSVC (Stakeholder-Specific Vulnerability Categorization). A prioritization framework to triage CVE vulnerabilities as an alternative or compliment to CVSS

github.com/trivialsec/typescript-ssvc

trivialsec/typescript-ssvc

161 lines (157 loc) 4.83 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
name: "Coordinator Triage" description: "CERT/CC Coordinator Triage Decision Model" version: "1.0" url: "https://certcc.github.io/SSVC/howto/coordination_triage_decision/" enums: ReportPublicStatus: - "YES" - "NO" SupplierContactedStatus: - "YES" - "NO" ReportCredibilityLevel: - CREDIBLE - NOT_CREDIBLE SupplierCardinalityLevel: - ONE - MULTIPLE SupplierEngagementLevel: - ACTIVE - UNRESPONSIVE UtilityLevel: - LABORIOUS - EFFICIENT - SUPER_EFFECTIVE PublicSafetyImpactLevel: - MINIMAL - SIGNIFICANT ActionType: - DECLINE - TRACK - COORDINATE DecisionPriorityLevel: - LOW - MEDIUM - HIGH priorityMap: DECLINE: LOW TRACK: MEDIUM COORDINATE: HIGH decisionTree: type: ReportPublicStatus children: "YES": type: SupplierContactedStatus children: "YES": type: ReportCredibilityLevel children: CREDIBLE: type: SupplierCardinalityLevel children: MULTIPLE: type: UtilityLevel children: SUPER_EFFECTIVE: type: PublicSafetyImpactLevel children: SIGNIFICANT: COORDINATE MINIMAL: TRACK EFFICIENT: type: PublicSafetyImpactLevel children: SIGNIFICANT: TRACK MINIMAL: DECLINE LABORIOUS: DECLINE ONE: type: UtilityLevel children: SUPER_EFFECTIVE: type: PublicSafetyImpactLevel children: SIGNIFICANT: TRACK MINIMAL: DECLINE EFFICIENT: DECLINE LABORIOUS: DECLINE NOT_CREDIBLE: DECLINE "NO": type: SupplierCardinalityLevel children: MULTIPLE: type: UtilityLevel children: SUPER_EFFECTIVE: type: PublicSafetyImpactLevel children: SIGNIFICANT: COORDINATE MINIMAL: TRACK EFFICIENT: DECLINE LABORIOUS: DECLINE ONE: DECLINE "NO": type: SupplierContactedStatus children: "YES": type: ReportCredibilityLevel children: CREDIBLE: type: SupplierCardinalityLevel children: MULTIPLE: type: SupplierEngagementLevel children: ACTIVE: type: UtilityLevel children: SUPER_EFFECTIVE: type: PublicSafetyImpactLevel children: SIGNIFICANT: COORDINATE MINIMAL: TRACK EFFICIENT: type: PublicSafetyImpactLevel children: SIGNIFICANT: TRACK MINIMAL: TRACK LABORIOUS: TRACK UNRESPONSIVE: type: UtilityLevel children: SUPER_EFFECTIVE: type: PublicSafetyImpactLevel children: SIGNIFICANT: COORDINATE MINIMAL: TRACK EFFICIENT: TRACK LABORIOUS: DECLINE ONE: type: SupplierEngagementLevel children: ACTIVE: type: UtilityLevel children: SUPER_EFFECTIVE: type: PublicSafetyImpactLevel children: SIGNIFICANT: TRACK MINIMAL: TRACK EFFICIENT: TRACK LABORIOUS: DECLINE UNRESPONSIVE: DECLINE NOT_CREDIBLE: DECLINE "NO": type: SupplierCardinalityLevel children: MULTIPLE: type: UtilityLevel children: SUPER_EFFECTIVE: type: PublicSafetyImpactLevel children: SIGNIFICANT: COORDINATE MINIMAL: TRACK EFFICIENT: DECLINE LABORIOUS: DECLINE ONE: DECLINE # Default action for unmapped paths defaultAction: DECLINE