SSVC score is partially generated from vuln/exploit information, this should happen in the characterization step of the reconciler. We are not truly generating an SSVC score here, just the ML generated components of the score. (automatable, exploitStatus, technicalImpact) Exploit status is both an input and output, where we treat the output as "more correct" than the input. We should be sending cve-id, description, and whether or not we have found an exploit for said cve (exploit table contains matching cve), and as a result, get automatable, exploitStatus, and technicalImpact values, to be stored in the db. We will not be storing the actual score anywhere, but querying a second endpoint from ssvc with the values already collected, and will receive 3 scores that correspond to the possible values for missionAndWellbeing (LOW, MEDIUM, HIGH). The API layer will handle querying the second endpoint for these scores when a vulnerability page is loaded, and the UI will display the scores, and which missionAndWellbeing value they correspond to.
This brings up a question of performance/traffic to the ssvc api, do we cache data for a certain amount of time to reduce repetitive calls of the same cve?
SSVC score is partially generated from vuln/exploit information, this should happen in the characterization step of the reconciler. We are not truly generating an SSVC score here, just the ML generated components of the score. (automatable, exploitStatus, technicalImpact) Exploit status is both an input and output, where we treat the output as "more correct" than the input. We should be sending cve-id, description, and whether or not we have found an exploit for said cve (exploit table contains matching cve), and as a result, get automatable, exploitStatus, and technicalImpact values, to be stored in the db. We will not be storing the actual score anywhere, but querying a second endpoint from ssvc with the values already collected, and will receive 3 scores that correspond to the possible values for missionAndWellbeing (LOW, MEDIUM, HIGH). The API layer will handle querying the second endpoint for these scores when a vulnerability page is loaded, and the UI will display the scores, and which missionAndWellbeing value they correspond to.
This brings up a question of performance/traffic to the ssvc api, do we cache data for a certain amount of time to reduce repetitive calls of the same cve?