Hello NVT developers, we are now ready to switch to mandatory presence of cvss_base_vector tag for any new NVT.
So, please from now on please do not commit a NVT without cvss_base_vector. In most cases you can apply the maximum one of the referenced CVEs. In doubt, please send your questions to this list so that we can jointly find a solution. For convenience in the transition time, you may in doubt commit the NVT and ask on this list how to apply cvss base vector best. I expect some work for those CVEs where no CVSS has been assigned yet. Here we have to provide a first assignment on our own until the CVE is extended with a full CVSS. We will see how often this case will happen and then can derive some conclusions for our process. Maybe it is even neglectable effort. OpenVAS-6 will rely on this tag. It will entirely ignore the tags cvss_base and risk_factor. All the best Jan -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-plugins mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
