OpenShift Request For Enhancement: RFE-6068

RHACS: Option to view the CVSS score based on NVD when CVSS is overridden using the Red Hat security ratings


    • Feature Request
    • Resolution: Done
    • RHACS

      Business Problem:

      Per CX, MUFG's whole Vulnerability Management program risk assessment is based on the CVSS score for the CVE from NVD. If the product is overriding it, then we need the ability to see both the original and the overridden score. Please raise a feature request if this doesn’t exist in the product currently. This will be a high-impact issue for the CX.
       

      Use Cases:

      When the CVSS score is overridden, the product will also be able to show the NVD score.

       

      Key Functionality:

      CX will be able to get the original NVD score if the CVSS score is overridden.
       

      Benefits:

      To meet the security requirements

      Acceptance criteria:

      If the product is overriding it, then CX needs the ability to see both the original and the overridden score.


      Timeline:

      ASAP. This will be a high-impact issue for the CX.

       

      Please use the following Jira fields to complete this Feature Request

      1. [Jira Field] Summary Required: The option to view the CVSS NVD score when CVSS is overridden using the Red Hat security ratings.
      2. [Jira Field] Description: CX's whole Vulnerability Management program risk assessment is based on the CVSS score for the CVE from NVD. If the product is overriding it, then CX needs the ability to see both the original and the overridden scores. Please raise a feature request if this doesn’t exist in the product currently. This will be a high-impact issue for them.
      3. [Jira Field] Component:
      4. [Jira Field] Priority: High
      5. [Jira Field] Supporting Documentation: https://issues.redhat.com/browse/ROX-18363
         
      1. Please see the attachment in https://issues.redhat.com/browse/ROX-18363

       

       

            sbadve@redhat.com Shubha Badve
            shanna_chan Pui Chan
            Anjali Telang, Boaz Michaely, Doron Caspin, JP Jung, Maria Simon Marcos, Shubha Badve
            ACS Scanner