Fixed redundant option for Mission Impact #187
Conversation
According to the documentation on https://github.com/CERTCC/SSVC/blob/main/doc/md_src_files/055_decision-points_2.md#mission-impact "none" and "degraded" are actually just one option called "None/ Non-Essential Degraded".
|
Hi Michael @fruehaufm We left this as duplicate on purpose, there may be cases where this can be made granular differentiated. Eventually these may collapse like you suggested. I understand it may be confusing at this time. Perhaps we can update the documents to indicate this? Let me know if that will help. Thanks |
|
Hi @sei-vsarvepalli Thanks |
sei-vsarvepalli
added
the
documentation
|
I think one move I'd like to make overall is to move away from saying "none" because that can be interpreted as categorically deny there is any impact whatsoever. This is probably never strictly true. Or at least, if the vul does not exist in the organization's infrastructure at all, that should just be a pre-filter on the vul should not be considered. If the intent is to capture the vul may be present and you don't know for sure it is not, then "none" is not appropriate, anyway. If that's what we agree, there should be one Pull removing "none" from the schema and also updating the documentation to make that clear. |
|
That sounds plausible to me. |
OK, great. Do you want to edit your pull to reflect that? |
As discussed in CERTCC#187 .
|
I just edited it and removed "none" instead of "degraded". |
As discussed in CERTCC#187.
According to the documentation on https://github.com/CERTCC/SSVC/blob/main/doc/md_src_files/055_decision-points_2.md#mission-impact "none" and "degraded" are actually just one option called "None/ Non-Essential Degraded".