Comment 3 for bug 1880992

Revision history for this message
Steve Beattie (sbeattie) wrote : Re: [Bug 1880992] Re: check-cves should compute and display CVSS score for triage

On Thu, May 28, 2020 at 03:12:39AM -0000, Alex Murray wrote:
> Since we parse out the full attributes of the score, we could easily try
> and show more than just the vector string and the base score but I am
> not sure how we could do this in a concise manner - so currently this
> will look like either of the following, depending on whether using
> traditional or experimental output modes:

Thanks. On the one hand, I can't get my brain to grok the random string
of single letters. On the other, I'm not sure the number tells me much
either. I did have the idea of maybe reporting something like:

  Confidentiality: [high|medium|low] Integrity: [high|medium|low] Availability: [high|medium|low]

as I tend to think of those as the most relevant portions of the CVSS
array elements. But that may be a bias that I have, and am open to other
thoughts here.

--
Steve Beattie
<email address hidden>
http://NxNW.org/~steve/