-
# Situation / Comment
> 3.1.3.3 Full Product Name Type - Product Identification Helper
>
> We welcome the addition of new ways to identify products besides CPE. Two
issues we face in this regar…
-
# Situation / Comment
> 3.1.11.2 Version Type - Semantic versioning
>
> The idea of semantic versioning, especially denoting a need to rematch by
increasing the major version is interesting. We…
-
It would be useful to have a column for machine-readable cpe's for each affected product version.
-
We currently do not feel confident to implement 6.1.26 in Secvisogram, as it seems contractionary for us:
### How we understand the specification
6.1.26 states
> It **must** be tested that the…
-
implement in CSAF a recovery maneuver that completes the RTA for the end to end demo of CP 3.2
-
Looks like CSAF schema is ever-evolving and changing. The new schema has dropped the previous fields such as "text" and made the "category field compulsory in many locations. The link to the latest…
-
Storyboard
Configuration
- 1x F16
- 1x F16 intruder, Non-Adversarial, non-cooperative , fixed course and speed (2D only)(TBD perhaps have intruder make one CA maneuver?). TODO REVIEW
- 1x static …
-
We should add links to the public accessible presentations / videos /slides /papers about CSAF 2.0. Currently, I'm aware of the following:
- [Your critical system IS (NOT?) vulnerable: CSAF, VEX, SBO…
-
I don't understand why you care about file extension. What I think you should care more about is content media type, so that the information can be properly identified and acted on with automation. …
elear updated
3 years ago
-
OpenPGP signatures are not scalable for automation. Wouldn't a JOSE signature be appropriate?
elear updated
3 years ago