Is estimation of criticality possible without known use cases? #17

@tobie

My understanding is that estimation of criticality is difficult/impossible without specific use cases, yet it is indicated as a SHOULD in the spec:

The publication of the list of known Vulnerabilities takes a form of a list of their identification (one or multiple ones) and at least one link to a public resource describing this Vulnerability (at least the affected product and versions, affected configurations and a general description) and RECOMMENDED to include an estimation of severity of the Vulnerability. The Organization MAY include additional information.
