A Python implementation of the Stakeholder-Specific Vulnerability Categorization framework.
Project description
Python implementation of SSVC (Stakeholder-Specific Vulnerability Categorization)
Installation
From pypi.org pip install ssvc
Example
To use SSVC:
- Determine the exploitation status of the vulnerability
- Assess the technical impact, considering the automatability
from ssvc import Decision, ExploitationLevel, Automatable, TechnicalImpact, MissionWellbeingImpact, ActionCISA, DecisionPriority
decision = Decision(
ExploitationLevel.POC,
Automatable.YES,
TechnicalImpact.PARTIAL,
MissionWellbeingImpact.MEDIUM,
)
assert decision.outcome.priority == DecisionPriority.LOW, "SSVC priority should be LOW"
assert decision.outcome.action == ActionCISA.TRACK, "SSVC decision should be TRACK"
Using strings also works
import ssvc
decision = ssvc.Decision(
exploitation='active',
automatable='no',
technical_impact='total',
mission_wellbeing='high',
)
assert decision.outcome.priority == ssvc.DecisionPriority.HIGH, "SSVC priority should be HIGH"
assert decision.outcome.action == ssvc.ActionCISA.ACT, "SSVC decision should be ACT"
Input incrementally and control how to handle decisions
from ssvc import Decision, ExploitationLevel, Automatable, TechnicalImpact, MissionWellbeingImpact, ActionCISA, DecisionPriority
decision = Decision()
# what is the ExploitationLevel?
decision.exploitation = ExploitationLevel.POC
# is it Automatable?
decision.automatable = Automatable.YES
# figure out the technical impact
decision.technical_impact = TechnicalImpact.PARTIAL
# Wha't our impact?
decision.mission_wellbeing = MissionWellbeingImpact.MEDIUM
# Get a decision outcome
outcome = decision.evaluate()
# decisions are return and available as a new variable
assert outcome.priority == DecisionPriority.LOW, "SSVC priority should be LOW"
# or use the `decision.outcome` like before
assert decision.outcome.action == ActionCISA.TRACK, "SSVC decision should be TRACK"
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
ssvc-1.0.11.tar.gz
(7.0 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
ssvc-1.0.11-py3-none-any.whl
(4.6 kB
view details)
File details
Details for the file ssvc-1.0.11.tar.gz.
File metadata
- Download URL: ssvc-1.0.11.tar.gz
- Upload date:
- Size: 7.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.5.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
11beef5c8f2008ae751789284882063ff4e98e66f1c19a9607046d9dd5dd1529
|
|
| MD5 |
5022ef28e9f40a863c25f754e8729f58
|
|
| BLAKE2b-256 |
02ddae320bfcf091c6df612c9422088f3f7c297392577c9ae357ec8092819eb2
|
File details
Details for the file ssvc-1.0.11-py3-none-any.whl.
File metadata
- Download URL: ssvc-1.0.11-py3-none-any.whl
- Upload date:
- Size: 4.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.5.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ef8a79df2581e9c1ff9900a41ac2c997364d1e35ce7c331140dede4cbedc9b18
|
|
| MD5 |
b7675a09b6d5df7226d08e6ef6370dcb
|
|
| BLAKE2b-256 |
de68095115eb2aa90b3d3675d1fbba91050b177444b6509fe3860a8bda2e128f
|
