Add CVSS

[andresriancho]

Idea

Add a CVSS field.

Problems

We already have a severity field with info/low/med/high which is an alternate representation of risk (which is what CVSS scores). Maybe we could:

• Remove severity from JSON
• Add CVSS
• In the SDK create a method that returns the CVSS: get_cvss
• In the SDK create a method that returns info/low/med/high according to CVSS ranges, 0-2 is info, 2-3 is low, etc.

  Tasks

• [ ] Decide if we want to have CVSS
• [ ] Decide if we want to remove severity
• [ ] Decide the ranges that translate CVSS to severity names

[m0sth8]

:+1: for cvss, :-1: for removing severity

[andresriancho]

@m0sth8 any special case where you see that CVSS could be, for example, 1.0 and the severity would be "high" ? I'm trying to understand why you want to keep severity and at the same time add CVSS

[m0sth8]

Severity field might be useful for tools, that are going to integrate vulndb in their solution, but already use severity.

[andresriancho]

I want to remove the severity from the JSON data, but have the SDKs (for example python-sdk) calculate it based on CVSS. Would that be ok?

[m0sth8]

Yes, It's ok :+1: