ssvc
TypeScript implementation of SSVC (Stakeholder-Specific Vulnerability Categorization). A prioritization framework to triage CVE vulnerabilities as an alternative or complement to CVSS.
---
# Identification of this decision model.
name: 'Deployer'
description: 'CERT/CC Deployer Decision Model'
# Kept as a quoted string so it is not read as the float 1.0.
version: '1.0'
# Upstream CERT/CC deployer-tree page, as the URL path indicates.
url: 'https://certcc.github.io/SSVC/howto/deployer_tree/'
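# Allowed values for each decision point. decisionTree names these enums
# in its `type` fields and uses their values as `children` keys.
# The nesting is restored here: with every line at column 0, `enums`
# parses as null and the four enum names become top-level keys.
enums:
  # `none` is a plain string in YAML; only `null` / `~` mean null.
  ExploitationStatus:
    - none
    - public_poc
    - active
  SystemExposureLevel:
    - small
    - controlled
    - open
  UtilityLevel:
    - laborious
    - efficient
    - super_effective
  HumanImpactLevel:
    - low
    - medium
    - high
    - very_high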
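# Maps each action named at a decisionTree leaf to a priority label.
# The entries are nested under priorityMap; at column 0 they would be
# unrelated top-level keys and priorityMap itself would be null.
priorityMap:
  defer: low
  scheduled: medium
  out_of_cycle: high
  immediate: immediate

# NOTE(review): `defer` is the lowest-priority action. How the engine
# uses defaultAction is not visible in this file. If it is the fallback
# for input that matches no branch, a missing or misspelled decision
# value would be triaged as low priority with no signal; confirm the
# engine rejects or logs such input. decisionTree has an explicit leaf
# for all 3 x 3 x 3 x 4 = 108 enum combinations, so valid input should
# never need the default.
defaultAction: defer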
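# Decision table, evaluated in this order:
#   ExploitationStatus -> SystemExposureLevel -> UtilityLevel
#   -> HumanImpactLevel
# Each inner node names the enum it branches on (`type`) and has one
# `children` entry per value of that enum. Leaves are action names, the
# same names priorityMap uses as keys.
#
# The nesting is restored here. With every line at column 0 the repeated
# `type`, `children`, `low`, ... keys are duplicates of one flat mapping,
# and most parsers keep only the last one without reporting an error.
#
# Review aid: in this table the action never becomes less urgent when a
# single input moves to a more severe value. An edit that breaks that
# property deserves a second look.
decisionTree:
  type: ExploitationStatus
  children:
    # No known exploitation. Only one path here reaches `immediate`:
    # open / super_effective / very_high.
    none:
      type: SystemExposureLevel
      children:
        small:
          type: UtilityLevel
          children:
            laborious:
              type: HumanImpactLevel
              children:
                low: defer
                medium: defer
                high: scheduled
                very_high: scheduled
            efficient:
              type: HumanImpactLevel
              children:
                low: defer
                medium: defer
                high: scheduled
                very_high: scheduled
            super_effective:
              type: HumanImpactLevel
              children:
                low: defer
                medium: scheduled
                high: scheduled
                very_high: out_of_cycle
        controlled:
          type: UtilityLevel
          children:
            laborious:
              type: HumanImpactLevel
              children:
                low: defer
                medium: defer
                high: scheduled
                very_high: scheduled
            efficient:
              type: HumanImpactLevel
              children:
                low: defer
                medium: scheduled
                high: scheduled
                very_high: out_of_cycle
            super_effective:
              type: HumanImpactLevel
              children:
                low: defer
                medium: scheduled
                high: out_of_cycle
                very_high: out_of_cycle
        open:
          type: UtilityLevel
          children:
            laborious:
              type: HumanImpactLevel
              children:
                low: defer
                medium: scheduled
                high: scheduled
                very_high: out_of_cycle
            efficient:
              type: HumanImpactLevel
              children:
                low: scheduled
                medium: scheduled
                high: out_of_cycle
                very_high: out_of_cycle
            super_effective:
              type: HumanImpactLevel
              children:
                low: scheduled
                medium: out_of_cycle
                high: out_of_cycle
                very_high: immediate
    # A public proof of concept exists.
    public_poc:
      type: SystemExposureLevel
      children:
        small:
          type: UtilityLevel
          children:
            laborious:
              type: HumanImpactLevel
              children:
                low: defer
                medium: scheduled
                high: scheduled
                very_high: out_of_cycle
            efficient:
              type: HumanImpactLevel
              children:
                low: scheduled
                medium: scheduled
                high: out_of_cycle
                very_high: out_of_cycle
            super_effective:
              type: HumanImpactLevel
              children:
                low: scheduled
                medium: out_of_cycle
                high: out_of_cycle
                very_high: immediate
        controlled:
          type: UtilityLevel
          children:
            laborious:
              type: HumanImpactLevel
              children:
                low: scheduled
                medium: scheduled
                high: out_of_cycle
                very_high: out_of_cycle
            efficient:
              type: HumanImpactLevel
              children:
                low: scheduled
                medium: out_of_cycle
                high: out_of_cycle
                very_high: immediate
            super_effective:
              type: HumanImpactLevel
              children:
                low: out_of_cycle
                medium: out_of_cycle
                high: immediate
                very_high: immediate
        open:
          type: UtilityLevel
          children:
            laborious:
              type: HumanImpactLevel
              children:
                low: scheduled
                medium: out_of_cycle
                high: out_of_cycle
                very_high: immediate
            efficient:
              type: HumanImpactLevel
              children:
                low: out_of_cycle
                medium: out_of_cycle
                high: immediate
                very_high: immediate
            super_effective:
              type: HumanImpactLevel
              children:
                low: out_of_cycle
                medium: immediate
                high: immediate
                very_high: immediate
    # Active exploitation. No leaf below this branch is `defer`.
    active:
      type: SystemExposureLevel
      children:
        small:
          type: UtilityLevel
          children:
            laborious:
              type: HumanImpactLevel
              children:
                low: scheduled
                medium: scheduled
                high: out_of_cycle
                very_high: immediate
            efficient:
              type: HumanImpactLevel
              children:
                low: scheduled
                medium: out_of_cycle
                high: out_of_cycle
                very_high: immediate
            super_effective:
              type: HumanImpactLevel
              children:
                low: out_of_cycle
                medium: out_of_cycle
                high: immediate
                very_high: immediate
        controlled:
          type: UtilityLevel
          children:
            laborious:
              type: HumanImpactLevel
              children:
                low: scheduled
                medium: out_of_cycle
                high: out_of_cycle
                very_high: immediate
            efficient:
              type: HumanImpactLevel
              children:
                low: out_of_cycle
                medium: out_of_cycle
                high: immediate
                very_high: immediate
            super_effective:
              type: HumanImpactLevel
              children:
                low: out_of_cycle
                medium: immediate
                high: immediate
                very_high: immediate
        open:
          type: UtilityLevel
          children:
            laborious:
              type: HumanImpactLevel
              children:
                low: out_of_cycle
                medium: out_of_cycle
                high: immediate
                very_high: immediate
            efficient:
              type: HumanImpactLevel
              children:
                low: out_of_cycle
                medium: immediate
                high: immediate
                very_high: immediate
            super_effective:
              type: HumanImpactLevel
              children:
                low: immediate
                medium: immediate
                high: immediate
                very_high: immediate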
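# Vector string metadata
# Short codes for writing a decision as a compact vector string: a
# prefix, a version, and for each parameter an abbreviation plus one
# code per enum value. How the string is assembled and parsed is not
# visible in this file.
#
# The nesting is restored here. At column 0 this `version` would be a
# duplicate of the top-level model `version` and replace "1.0" in
# parsers that keep the last duplicate key.
vectorMetadata:
  prefix: DEPLOYER
  version: v1
  # NOTE(review): value codes are unique only within one parameter.
  # L and S each code two different values, and E is both the
  # exploitation abbreviation and the code for `efficient`. A decoder
  # has to resolve each code under its parameter abbreviation.
  parameterMappings:
    exploitation:
      abbrev: E
      enumType: ExploitationStatus
      valueMappings:
        # Quoted: the YAML 1.1 boolean rules list a bare N as false.
        none: "N"
        public_poc: P
        active: A
    system_exposure:
      abbrev: SE
      enumType: SystemExposureLevel
      valueMappings:
        small: S
        controlled: C
        open: O
    utility:
      abbrev: U
      enumType: UtilityLevel
      valueMappings:
        laborious: L
        efficient: E
        super_effective: S
    human_impact:
      abbrev: HI
      enumType: HumanImpactLevel
      valueMappings:
        low: L
        medium: M
        high: H
        very_high: V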