Description, Use Case and User Stories
A list of abbreviations that are relevant to Risk Based Prioritization Guide in one file.
A list of definitions in a separate file
Definition of Ready
The details on what's required for definitions and abbreviations are defined.
Acceptance Criteria
The abbreviations are in a text file called abbreviations.md - current file content below.
The definintions are in a table in a document/sheet. These will be converted to a markdown table. This does not exist yet.
The definitions should follow NIST definitions where possible with a link to the nist page https://csrc.nist.gov/glossary
Additional context
The abbreviations are in a specific format - because this allows all abbreviations in the guide to automatically have a hover over for the details.
The existing abbreviations.md file content is
*[CWE]: CWE Common Weakness Enumeration
*[CVE]: CVE Common Vulnerability and Exposures. A standardized list of publicly known vulnerabilities and exposures maintained by the MITRE Corporation.
*[KEV]: Known Exploited Vulnerability
*[NVD]: National Vulnerability Database
*[SSVC]: SSVC Stakeholder-Specific Vulnerability Categorization
*[EPSS]: Exploit Prediction Scoring System
*[CVSS]: Common Vulnerability Scoring System Standard. A framework for scoring the severity of vulnerabilities based on factors such as exploitability and impact.
*[CISA]: Cybersecurity & Infrastructure Security Agency
*[NVD]: National Vulnerability Database
Crashedmind
commented
8 months ago
Description, Use Case and User Stories A list of abbreviations that are relevant to Risk Based Prioritization Guide in one file. A list of definitions in a separate file
Definition of Ready
Acceptance Criteria
Additional context The abbreviations are in a specific format - because this allows all abbreviations in the guide to automatically have a hover over for the details.
The existing abbreviations.md file content is