[go: up one dir, main page]
Page MenuHomePhabricator
Create Task
Maniphest T352743

Test CVSS against SSVC theory
Closed, ResolvedPublic4 Estimated Story Points
Actions

Description

In the context of trying to determine whether to use CVSS or SSVC framework, run each framework against the same set of Mediawiki tasks.

  • Select a few Mediawiki tasks that are good examples of several categories of bug/issues (ideally ones that have already been CVSS rated before public release, to optimize time). One of them should be a XSS.
  • Add environmental score to the already calculated score to generate full CVSS rating for those tasks + show the impact of the environmental criteria on the full-score.
  • Edit from Dec 14th: select a few, very representatives Mediawiki tasks and run a full CVSS scoring analysis on them (one xss would be good)
  • Run the SSVC framework against all of the same tasks
  • Show how the score is different
  • Analyze differences and showcase which score is the most accurate and why
  • Provide feedback on which one is easier to calculate
  • Show the form used to generate both scores

Event Timeline

Cleo_Lemoisson created this task.Dec 5 2023, 9:29 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 5 2023, 9:29 AM
Cleo_Lemoisson updated the task description. (Show Details)Dec 5 2023, 2:36 PM
mmartorana changed the task status from Open to In Progress.Dec 7 2023, 11:44 AM
mmartorana triaged this task as High priority.
mmartorana set the point value for this task to 8.
Cleo_Lemoisson updated the task description. (Show Details)Dec 14 2023, 12:53 PM
Cleo_Lemoisson added a subscriber: Jcross.

@mmartorana and @Jcross , in light of our conversations this week regarding cvss scoring, I edited the description of the task slightly. Please feel free to add anything relevant if needed.

Jcross added a subscriber: acooper.EditedJan 3 2024, 5:05 PM

@mmartorana As this was requested by @acooper and @Jcross on Dec. 5th and should not take very long, we are wondering where we are on this task list. The original suggestion to use existing scoring was erroneous but not essential or a blocker. Please update. @Cleo_Lemoisson tagged to follow up please.

mmartorana changed the point value for this task from 8 to 4.Jan 19 2024, 10:58 AM
mmartorana added a subscriber: Mstyles.

Hi @Cleo_Lemoisson - Following our discussion with @acooper yesterday, @Mstyles and I plan to collaborate on developing our custom theoretical implementation of the SSVC framework. This effort aims to assess and compare the risk rating results with the CVSS score already calculated.

mmartorana closed this task as Resolved.Mar 5 2024, 3:27 PM
mmartorana moved this task from In Progress to Completed on the wikimedia-risk-calculator board.Jun 6 2024, 3:18 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits