usnistgov / SCAP

The repository will be used to track issues and post specifications related to the Security Automation Protocol (SCAP).

[XCCDF] Revise impact-metric element #16

Open balleman-ctr opened 5 days ago

balleman-ctr commented 5 days ago

The ruleType allows for an impact-metric element for representing a CVSS 2.0 base vector. The element has been marked as deprecated as the “property was found to be of little use in the anticipated XCCDF use-cases”. For DISA STIGs we have been considering using CCSS (Common Configuration Scoring System; NIST IR 7502) and have an approach for using xccdf:metadata for recording the vector. As the ability to represent the scoring vector could benefit interoperability between content and tools, I suggest reconsidering the deprecation of impact-metric with revisions, or creating a new similar element, to extend it to other scoring systems such as CCSS. The use of a “system” attribute, similar to its use in “ident”, could be used to specify which scoring system is represented.
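An added example, not part of the original thread or of any XCCDF release: a sketch of how a consuming tool could read `impact-metric` if it carried a `system` attribute as suggested above, treating an element without the attribute as a CVSS 2.0 base vector so existing content keeps working. The `system` attribute on `impact-metric`, both `urn:example:` identifiers, the rule ids and the CCSS placeholder value are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"
# Hypothetical identifiers, constructed for this example; no XCCDF release defines them.
CVSS2_SYSTEM = "urn:example:scoring:cvss-2.0"
CCSS_SYSTEM = "urn:example:scoring:ccss"

# CVSS 2.0 base vector: the six base metrics in fixed order.
CVSS2_BASE = re.compile(r"AV:[LAN]/AC:[HML]/Au:[MSN]/C:[NPC]/I:[NPC]/A:[NPC]")

# Constructed sample benchmark fragment (not taken from any STIG).
SAMPLE = f"""
<Benchmark xmlns="{XCCDF_NS}" id="xccdf_example_benchmark_demo">
  <Rule id="xccdf_example_rule_legacy" selected="true">
    <impact-metric>AV:N/AC:L/Au:N/C:P/I:P/A:P</impact-metric>
  </Rule>
  <Rule id="xccdf_example_rule_ccss" selected="true">
    <impact-metric system="{CCSS_SYSTEM}">CCSS-VECTOR-PLACEHOLDER</impact-metric>
  </Rule>
  <Rule id="xccdf_example_rule_bad" selected="true">
    <impact-metric system="{CVSS2_SYSTEM}">AV:X/AC:L</impact-metric>
  </Rule>
</Benchmark>
"""

def read_impact_metrics(xml_text):
    """Return {rule id: (system, vector, status)} for each Rule with an impact-metric."""
    root = ET.fromstring(xml_text)
    out = {}
    for rule in root.iter(f"{{{XCCDF_NS}}}Rule"):
        metric = rule.find(f"{{{XCCDF_NS}}}impact-metric")
        if metric is None:
            continue
        # No attribute means existing content, which holds a CVSS 2.0 base vector.
        system = metric.get("system", CVSS2_SYSTEM)
        vector = (metric.text or "").strip()
        if system == CVSS2_SYSTEM:
            status = "valid" if CVSS2_BASE.fullmatch(vector) else "invalid"
        else:
            # Other systems are passed through unparsed for tools that understand them.
            status = "unchecked"
        out[rule.get("id")] = (system, vector, status)
    return out

if __name__ == "__main__":
    for rule_id, result in read_impact_metrics(SAMPLE).items():
        print(rule_id, *result)
```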

vanderpol commented 5 days ago

Thanks @balleman-ctr, would you be able to copy a couple examples to show how this would be implemented?