Open ahouseholder opened 9 months ago
I've included a sidebar mention of RMM in
But I think we might want to consider doing more. Maybe something like a crosswalk of the relevant RMM (esp. VAR) sections with SSVC things. The goal being to weave SSVC into an existing fabric of prior vulnerability response process improvement work.
This issue was prompted by my going looking for references about vulnerability response process governance in the service of starting to address
472
Describe the solution you'd like
We should highlight the connection between SSVC and the CERT RMM.
Specifically, this section sort of maps onto the Bootstrapping guidance.
And
This whole section has relevance for parts of SSVC.
Additional context
CERT® Resilience Management Model, Version 1.2 Vulnerability Analysis and Resolution (VAR) https://insights.sei.cmu.edu/documents/1338/2016_009_001_514965.pdf