Software Engineering Institute

Charles G. Yarbrough

CERT

Publications by Charles G. Yarbrough

Prioritizing Vulnerability Response: A Stakeholder-Specific Vulnerability Categorization (Version 2.0)

April 30, 2021 • White Paper

Jonathan Spring Allen D. Householder Eric Hatleback

This paper presents version 2.0 of a testable Stakeholder-Specific Vulnerability Categorization (SSVC) that takes the form of decision trees and that avoids some problems with the Common Vulnerability Scoring System (CVSS).
read