Added SSVC

stevespringett · stevespringett · commit ac475058136b · 2023-05-19T21:39:02.000-05:00
Signed-off-by: Steve Springett &lt;steve@springett.us&gt;
diff --git a/schema/bom-1.5.proto b/schema/bom-1.5.proto
@@ -799,6 +799,8 @@ enum ScoreMethod {
   SCORE_METHOD_OTHER = 5;
   // Common Vulnerability Scoring System v3.1 - https://www.first.org/cvss/v4-0/
   SCORE_METHOD_CVSSV4 = 6;
+  // Stakeholder Specific Vulnerability Categorization (all versions) - https://github.com/CERTCC/SSVC
+  SCORE_METHOD_SSVC = 7;
 }
 
 message Advisory {
diff --git a/schema/bom-1.5.schema.json b/schema/bom-1.5.schema.json
@@ -1743,13 +1743,14 @@
     "scoreMethod": {
       "type": "string",
       "title": "Method",
-      "description": "Specifies the severity or risk scoring methodology or standard used.\n\n* CVSSv2 - [Common Vulnerability Scoring System v2](https://www.first.org/cvss/v2/)\n* CVSSv3 - [Common Vulnerability Scoring System v3](https://www.first.org/cvss/v3-0/)\n* CVSSv31 - [Common Vulnerability Scoring System v3.1](https://www.first.org/cvss/v3-1/)\n* CVSSv4 - [Common Vulnerability Scoring System v4](https://www.first.org/cvss/v4-0/)\n* OWASP - [OWASP Risk Rating Methodology](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology)",
+      "description": "Specifies the severity or risk scoring methodology or standard used.\n\n* CVSSv2 - [Common Vulnerability Scoring System v2](https://www.first.org/cvss/v2/)\n* CVSSv3 - [Common Vulnerability Scoring System v3](https://www.first.org/cvss/v3-0/)\n* CVSSv31 - [Common Vulnerability Scoring System v3.1](https://www.first.org/cvss/v3-1/)\n* CVSSv4 - [Common Vulnerability Scoring System v4](https://www.first.org/cvss/v4-0/)\n* OWASP - [OWASP Risk Rating Methodology](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology)\n* SSVC - [Stakeholder Specific Vulnerability Categorization](https://github.com/CERTCC/SSVC) (all versions)",
       "enum": [
         "CVSSv2",
         "CVSSv3",
         "CVSSv31",
         "CVSSv4",
         "OWASP",
+        "SSVC",
         "other"
       ]
     },
diff --git a/schema/bom-1.5.xsd b/schema/bom-1.5.xsd
@@ -3790,6 +3790,14 @@ limitations under the License.
                     </xs:documentation>
                 </xs:annotation>
             </xs:enumeration>
+            <xs:enumeration value="SSVC">
+                <xs:annotation>
+                    <xs:documentation xml:lang="en">
+                        The rating is based on Stakeholder Specific Vulnerability Categorization (all versions)
+                        https://github.com/CERTCC/SSVC
+                    </xs:documentation>
+                </xs:annotation>
+            </xs:enumeration>
             <xs:enumeration value="other">
                 <xs:annotation>
                     <xs:documentation xml:lang="en">

Original file line number	Diff line number	Diff line change
`@@ -799,6 +799,8 @@ enum ScoreMethod {`
`799`	`799`	`SCORE_METHOD_OTHER = 5;`
`800`	`800`	`// Common Vulnerability Scoring System v3.1 - https://www.first.org/cvss/v4-0/`
`801`	`801`	`SCORE_METHOD_CVSSV4 = 6;`
	`802`	`+ // Stakeholder Specific Vulnerability Categorization (all versions) - https://github.com/CERTCC/SSVC`
	`803`	`+ SCORE_METHOD_SSVC = 7;`
`802`	`804`	`}`
`803`	`805`
`804`	`806`	`message Advisory {`