Remove CVSSv2 scores from vulnerablecode #1187

Open
TG1999 opened this issue Apr 25, 2023 · 4 comments

@TG1999
Contributor

TG1999 commented Apr 25, 2023

Reference: #889 (comment)
It will be a 3-step process:

  • Mark all advisories with CVSSv2 with a flag so improvers don't process them in the future.
  • Check that none of our current importers import CVSSv2 scores.
  • Write a migration to remove all CVSSv2 scores from the severity table.

@pombredanne
Member

IMHO we have this alternative:

  1. delete everything about CVSSv2 including advisory and check if there are data sources that provide only CVSSv2 and how we can convert CVSSv2 into CVSSv3
  2. or carry some CVSSv2 in advisories and have flags to avoid reprocessing and have some more code for CVSSv2 here and there

@ziadhany
Collaborator

I think I got a really interesting result, take a look at https://www.kaggle.com/code/ziadhany/decision-trees-for-converting-cvss-2-to-3

@TG1999
Contributor Author

TG1999 commented Jul 9, 2024

@pombredanne please have a look at this one!
