[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Re: [csaf] CVSS v2/v3 use in CVRF 1.2
- zero or one CVSSv2 and zero or one CVSSv3 - recommendation: either v2 or v3 (or both) because sometimes I would like to publish advisory without scores. at first, wish to advertise threat to the Internet. Next, evaluate the detail of vulnerability with scores. BR Masato On 2017/04/13 11:47, Art Manion wrote: > On 2017-04-12 14:35, Vincent Danen wrote: > >> This is something we probably want to look at for CSAF 2.0, not CVRF >> 1.2. I don't think it can be resolved easily. You could have 12 >> different CVSSv2 scores right now but it's almost pointless if you can't >> map that back to a particular product or scenario. > > Agreed. Thus, I'm proposing that CVRF 1.2 should allow zero or one CVSS > v2 score and zero or one CVSS v3 score. > > A separate question remains: If there is a CVSS score, must it be v3 > (and have an optional single v2 score)? My position is that the score > can be either v2 or v3 (or both). > > - Art > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php > > -- ------------------------------------------------------------------ http://www.hitachi.com/hirt/ http://jvnrss.ise.chuo-u.ac.jp/%7Emasato/eprofile.html ------------------------------------------------------------------ Masato Terada <masato.terada.rd@hitachi.com> KeyID: 0x1A288D8C EA94 E888 84A9 28B0 7BFD D1A5 3E9E 3C73 1A28 8D8C Hitachi Incident Response Team <hirt@hitachi.co.jp>, Hitachi Ltd. Hitachi Omori 2nd Bldg. 10F 6-27-18 Minamioi, Shinagawa, Tokyo, Japan 140-8572 Tel: +81 44 555 0894 Fax: Mobile: +81 90 4369 3601
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]