Feature request: Add source (reference) to CVSS

oasis-tcs / csaf

OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code

https://github.com/oasis-tcs/csaf

Other

145 stars 38 forks source link

Feature request: Add source (reference) to CVSS #624

Closed jaccoNCSCNL closed 1 month ago

jaccoNCSCNL commented 1 year ago

As a national CERT we often bundle multiple advisories into one. This also means that we sometimes have conflicting CVSS scores from different sources for the same vulnerability. We think that it would make sense to add an optional source (or reference) to a CVSS score which would indicate who made this score.

tschmidtb51 commented 1 year ago

Thank you for the suggestion. The TC will discuss the suggestion.

sthagen commented 1 year ago

During the 2023-09-27 meeting of the TC the members agreed to implement the feature in CSAF v2.1.

jaccoNCSCNL commented 5 months ago

Thanks!

tschmidtb51 commented 2 months ago

@jaccoNCSCNL To follow the OASIS process, please also announced the request on the comment mailing list. A simple email pointing to the issue should be sufficient.