[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [csaf] CVSS v2/v3 use in CVRF 1.2
Agreed. Thus, I'm proposing that CVRF 1.2 should allow zero or one CVSS
v2 score and zero or one CVSS v3 score.
A separate question remains: If there is a CVSS score, must it be v3
(and have an optional single v2 score)? My position is that the score
can be either v2 or v3 (or both).
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]