Add CVSSv4 crosswalk #6

ahouseholder · 2023-09-27T14:51:39Z

Some elements of CVSSv4 vectors have implications for interaction with Vultron states. We should map those out as a crosswalk similar to https://certcc.github.io/Vultron/reference/ssvc_crosswalk

ahouseholder · 2024-04-18T17:46:15Z

Following is what we had said about CVSS 3.1 in the State-based model paper

CVSS version 3.1
includes a few Temporal Metric variables that connect to this model.
Unfortunately, differences in abstraction between the models leaves a good
deal of ambiguity in the translation. The table below shows the
relationship between the two models.

States	CVSS v3.1 Temporal Metric	CVSS v3.1 Temporal Metric Value(s)
$\cdot\cdot\cdot\cdot XA$	Exploit Maturity	High (H), or Functional (F)
$\cdot\cdot\cdot\cdot X \cdot$	Exploit Maturity	High (H), Functional (F), or Proof-of-Concept (P)
$\cdot\cdot\cdot\cdot x \cdot$	Exploit Maturity	Unproven (U) or Not Defined (X)
$Vf\cdot\cdot\cdot\cdot$	Remediation Level	Not Defined (X), Unavailable (U), Workaround (W), or Temporary Fix (T)
$VF\cdot\cdot\cdot\cdot$	Remediation Level	Temporary Fix (T) or Official Fix (O)

ahouseholder mentioned this issue Sep 27, 2023

Add CVSS v4 crosswalk documentation CERTCC/SSVC#318

Open

ahouseholder added this to the 2023Q4 milestone Sep 28, 2023

ahouseholder modified the milestones: 2023Q4, 2024Q1 Nov 30, 2023

ahouseholder modified the milestones: 2024Q1, 2024Q2 Dec 15, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add CVSSv4 crosswalk #6

Add CVSSv4 crosswalk #6

ahouseholder commented Sep 27, 2023

ahouseholder commented Apr 18, 2024

Add CVSSv4 crosswalk #6

Add CVSSv4 crosswalk #6

Comments

ahouseholder commented Sep 27, 2023

ahouseholder commented Apr 18, 2024