mkdocs.yml
site_name: "SSVC: Stakeholder-Specific Vulnerability Categorization"
site_url: 'https://certcc.github.io/SSVC/'
site_description: 'SSVC is a framework for prioritizing vulnerabilities based on stakeholder needs.'
site_author: 'CERT Coordination Center'
nav:
- Home: 'https://certcc.github.io/'
- SSVC: 'index.md'
- SSVC Overview:
- 'tutorials/ssvc_overview.md'
- Starting out with SSVC: 'tutorials/starting_points.md'
- Other Resources: 'tutorials/other_resources.md'
- SSVC How-To:
- Overview: 'howto/index.md'
- Getting Started with SSVC:
- Intro: 'howto/bootstrap/index.md'
- Prepare: 'howto/bootstrap/prepare.md'
- Collect: 'howto/bootstrap/collect.md'
- Use & Respond: 'howto/bootstrap/use.md'
- Summary: 'howto/bootstrap/summary.md'
- Stakeholder Decision Models:
- Supplier Decision Model: 'howto/supplier_tree.md'
- Deployer Decision Model: 'howto/deployer_tree.md'
- Coordinator Decision Models:
- About Coordination: 'howto/coordination_intro.md'
- Coordination Triage: 'howto/coordination_triage_decision.md'
- Publication Decision: 'howto/publication_decision.md'
- CVSS v4 Analyst Models:
- About CVSS v4: 'howto/cvss_v4/index.md'
- Equivalence Set 1: 'howto/cvss_v4/eq1.md'
- Equivalence Set 2: 'howto/cvss_v4/eq2.md'
- Equivalence Set 3: 'howto/cvss_v4/eq3.md'
- Equivalence Set 4: 'howto/cvss_v4/eq4.md'
- Equivalence Set 5: 'howto/cvss_v4/eq5.md'
- Equivalence Set 6: 'howto/cvss_v4/eq6.md'
- Qualitative Severity: 'howto/cvss_v4/qualitative.md'
- Gathering Info about Decision Points:
- Intro: 'howto/gathering_info/index.md'
- Automatable: 'howto/gathering_info/automatable.md'
- Exploitation: 'howto/gathering_info/exploitation.md'
- Mission Impact: 'howto/gathering_info/mission_impact.md'
- System Exposure: 'howto/gathering_info/system_exposure.md'
- Technical Impact: 'howto/gathering_info/technical_impact.md'
- Value Density: 'howto/gathering_info/value_density.md'
- Customizing SSVC: 'howto/tree_customization.md'
- Acuity Ramp: 'howto/acuity_ramp.md'
- Using EPSS with SSVC:
- 'howto/using_epss/index.md'
- EPSS Probability as input to Exploitation: 'howto/using_epss/epss_probability.md'
- EPSS Percentiles as an Amplifier: 'howto/using_epss/epss_percentiles.md'
- SSVC Tools:
- Docker Containers: 'howto/tools/containers.md'
- Understanding SSVC:
- Intro: 'topics/index.md'
- State of Practice: 'topics/state_of_practice.md'
- Representing Information:
- Design Goals: 'topics/representing_information.md'
- Formalization Options: 'topics/formalization_options.md'
- Decision Trees: 'topics/decision_trees.md'
- Vulnerability Management Decisions:
- Intro: 'topics/vulnerability_management_decisions.md'
- Stakeholders: 'topics/enumerating_stakeholders.md'
- Decisions: 'topics/enumerating_decisions.md'
- Items With Same Priority: 'topics/items_with_same_priority.md'
- Risk Tolerance and Priority: 'topics/risk_tolerance_and_priority.md'
- Scope: 'topics/scope.md'
- SSVC and Asset Management: 'topics/asset_management.md'
- Putting the Pieces Together: 'topics/decision_points_as_bricks.md'
- Worked Example: 'topics/worked_example.md'
- Evaluation: 'topics/evaluation_of_draft_trees.md'
- Related Systems: 'topics/related_systems.md'
- Information Sources: 'topics/information_sources.md'
- Limitations: 'topics/limitations.md'
- Future Work: 'topics/future_work.md'
- Reference:
- Intro: 'reference/index.md'
- Decision Points:
- Intro: 'reference/decision_points/index.md'
- Automatable: 'reference/decision_points/automatable.md'
- Exploitation: 'reference/decision_points/exploitation.md'
- Mission Impact: 'reference/decision_points/mission_impact.md'
- Public Value Added: 'reference/decision_points/public_value_added.md'
- Report Credibility: 'reference/decision_points/report_credibility.md'
- Report Public: 'reference/decision_points/report_public.md'
- Safety Impact: 'reference/decision_points/safety_impact.md'
- Supplier Cardinality: 'reference/decision_points/supplier_cardinality.md'
- Supplier Contacted: 'reference/decision_points/supplier_contacted.md'
- Supplier Engagement: 'reference/decision_points/supplier_engagement.md'
- Supplier Involvement: 'reference/decision_points/supplier_involvement.md'
- System Exposure: 'reference/decision_points/system_exposure.md'
- Technical Impact: 'reference/decision_points/technical_impact.md'
- Value Density: 'reference/decision_points/value_density.md'
- Compound Decision Points:
- Intro: 'reference/decision_points/compound_decision_points.md'
- Human Impact: 'reference/decision_points/human_impact.md'
- Public Safety Impact: 'reference/decision_points/public_safety_impact.md'
- Utility: 'reference/decision_points/utility.md'
- CVSS-based decision points:
- 'reference/decision_points/cvss/index.md'
- Qualitative Severity: 'reference/decision_points/cvss/qualitative_severity.md'
- Base Metrics:
- Attack Vector: 'reference/decision_points/cvss/attack_vector.md'
- Attack Complexity: 'reference/decision_points/cvss/attack_complexity.md'
- Attack Requirements: 'reference/decision_points/cvss/attack_requirements.md'
- Privileges Required: 'reference/decision_points/cvss/privileges_required.md'
- User Interaction: 'reference/decision_points/cvss/user_interaction.md'
- Confidentiality Impact: 'reference/decision_points/cvss/confidentiality_impact.md'
- Subsequent Confidentiality Impact: 'reference/decision_points/cvss/subsequent_confidentiality_impact.md'
- Integrity Impact: 'reference/decision_points/cvss/integrity_impact.md'
- Subsequent Integrity Impact: 'reference/decision_points/cvss/subsequent_integrity_impact.md'
- Availability Impact: 'reference/decision_points/cvss/availability_impact.md'
- Subsequent Availability Impact: 'reference/decision_points/cvss/subsequent_availability_impact.md'
- Threat Metrics:
- Exploit Maturity: 'reference/decision_points/cvss/exploit_maturity.md'
- Environmental Metrics:
- Confidentiality Requirement: 'reference/decision_points/cvss/confidentiality_requirement.md'
- Integrity Requirement: 'reference/decision_points/cvss/integrity_requirement.md'
- Availability Requirement: 'reference/decision_points/cvss/availability_requirement.md'
- Supplemental Metrics:
- Safety: 'reference/decision_points/cvss/safety.md'
- Automatable: 'reference/decision_points/cvss/automatable.md'
- Provider Urgency: 'reference/decision_points/cvss/provider_urgency.md'
- Recovery: 'reference/decision_points/cvss/recovery.md'
- Value Density: 'reference/decision_points/cvss/value_density.md'
- Vulnerability Response Effort: 'reference/decision_points/cvss/vulnerability_response_effort.md'
- Older Metrics:
- Authentication: 'reference/decision_points/cvss/authentication.md'
- Collateral Damage Potential: 'reference/decision_points/cvss/collateral_damage_potential.md'
- Impact Bias: 'reference/decision_points/cvss/impact_bias.md'
- Remediation Level: 'reference/decision_points/cvss/remediation_level.md'
- Report Confidence: 'reference/decision_points/cvss/report_confidence.md'
- Scope: 'reference/decision_points/cvss/scope.md'
- Target Distribution: 'reference/decision_points/cvss/target_distribution.md'
- Outcomes: 'reference/decision_points/outcomes.md'
- Code:
- Intro: 'reference/code/index.md'
- Decision Points: 'reference/code/decision_points.md'
- Decision Tables: 'reference/code/decision_tables.md'
- Decision Point Groups: 'reference/code/decision_point_groups.md'
- Namespaces: 'reference/code/namespaces.md'
- Selections: 'reference/code/selection.md'
- CSV Analyzer: 'reference/code/analyze_csv.md'
- Doctools: 'reference/code/doctools.md'
- Calculator: 'ssvc-calc/index.md'
- Explorer: 'ssvc-explorer/index.md'
- About:
- Intro: 'about/index.md'
- Community Engagement: 'about/contributing.md'
# - FAQ: 'about/faq.md'
- Decision Records: 'adr/index.md'
- Acknowledgements: 'about/acknowledgements.md'
- Change log: 'about/changelog.md'
- Contact: 'about/contact_us.md'
not_in_nav: |
  _*.md
  _*/**/*.md
theme:
  logo: 'assets/Software_Engineering_Institute_Unitmark_White.svg'
  name: 'material'
  custom_dir: 'overrides'
  features:
    - content.tabs.link
    - navigation.footer
    - navigation.instant
    - navigation.sections
    - navigation.tabs
    - navigation.top
    - navigation.tracking
    - search.highlight
    - search.suggest
    - toc.follow
  palette:
    scheme: 'cmu'
    accent: 'red'
  icon:
    repo: fontawesome/brands/github
plugins:
  - include-markdown:
      comments: false
      rewrite_relative_links: true
  - search
  - table-reader:
      data_path: 'data/csvs'
  - bibtex:
      bib_file: 'doc/md_src_files/sources_ssvc.bib'
  - markdown-exec
  - mkdocstrings:
      handlers:
        python:
          paths: [ 'src' ]
  - print-site
repo_url: 'https://github.com/CERTCC/SSVC'
repo_name: 'CERTCC/SSVC'
markdown_extensions:
  - admonition
  - attr_list
  - def_list
  - footnotes
  - md_in_html
  - pymdownx.arithmatex:
      generic: true
  - pymdownx.critic
  - pymdownx.caret
  - pymdownx.details
  - pymdownx.emoji:
      emoji_index: !!python/name:material.extensions.emoji.twemoji
      emoji_generator: !!python/name:material.extensions.emoji.to_svg
  - pymdownx.superfences:
      custom_fences:
        - name: mermaid
          class: mermaid
          format: !!python/name:pymdownx.superfences.fence_code_format
  - pymdownx.keys
  - pymdownx.mark
  - pymdownx.tabbed:
      alternate_style: true
  - pymdownx.tasklist:
      custom_checkbox: true
  - pymdownx.tilde
  - tables
extra:
  analytics:
    provider: google
    property: G-87WECW6HCS
  consent:
    title: About our use of cookies on this site
    description: >-
      We use cookies to measure the effectiveness of our documentation and whether users
      find what they're searching for. With your consent, you're helping us to
      make our documentation better.
      See our <a href="https://www.sei.cmu.edu/legal/privacy-notice/index.cfm">Privacy Notice</a> for more.
  social:
    - icon: material/message-question
      link: https://github.com/CERTCC/SSVC/issues/new?template=question.md
      name: Ask a Question
    - icon: fontawesome/solid/bug
      link: https://github.com/CERTCC/SSVC/issues/new?template=bug_report.md
      name: Report a Problem
    - icon: material/lightbulb-on
      link: https://github.com/CERTCC/SSVC/issues/new?template=feature_request.md
      name: Request a Feature
    - icon: fontawesome/regular/comments
      link: https://github.com/CERTCC/SSVC/discussions
      name: SSVC Community Discussions
    - icon: fontawesome/brands/github
      link: https://github.com/CERTCC/SSVC
      name: CERTCC/SSVC on Github
    - icon: fontawesome/regular/envelope
      link: mailto:cert@cert.org?subject=SSVC%20Feedback
      name: Email CERT/CC
    - icon: fontawesome/solid/house
      link: https://www.sei.cmu.edu/
      name: Software Engineering Institute
extra_javascript:
  # to render math
  - javascripts/mathjax.js
  - https://cdn.jsdelivr.net/npm/mathjax@3/es5/tex-mml-chtml.js
  # to sort tables
  - https://unpkg.com/tablesort@5.3.0/dist/tablesort.min.js
  - javascripts/tablesort.js
  # scripts for graphModule and Explorer
  - ssvc-explorer/simple.js
  - https://cdn.jsdelivr.net/npm/jquery@3.7.1/dist/jquery.min.js
  - https://cdnjs.cloudflare.com/ajax/libs/d3/3.5.17/d3.min.js
extra_css:
  - stylesheets/extra.css
watch:
  - docs
  - src
dev_addr: 127.0.0.1:8001