[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (CSAF-14) Add CVSSv3 support to CVRF
[ https://issues.oasis-open.org/browse/CSAF-14?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=65016#comment-65016 ]
Vincent Danen commented on CSAF-14:
-----------------------------------
Quick note based on conversation in the meeting today, here is where the score set has a minimum of one occurrence:
http://www.icasi.org/cvrf-v1-1-dictionary-of-elements/#38cvs
The optional part is the CVSS Score Sets, but once that is set there is a minimum occurrence. Unfortunately, and what I missed, is that you need to have this which poses the problem of people no longer providing V2 scores. I'm not sure we can have a backwards-incompatible change here after all (if the assumption is "Score Set" will always be V2).
> Add CVSSv3 support to CVRF
> --------------------------
>
> Key: CSAF-14
> URL: https://issues.oasis-open.org/browse/CSAF-14
> Project: OASIS Common Security Advisory Framework (CSAF) TC
> Issue Type: New Feature
> Reporter: Vincent Danen
> Assignee: Feng Cao
>
> To track the addition of CVSSv3 for the next (hopefully quick) revision of CVRF (i.e. CVRF 1.2). This should be very easy to do quickly with no compatibility issues.
--
This message was sent by Atlassian JIRA
(v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]