Feature/issue 576

data/schema/Decision_Point.schema.json

@@ -1,7 +1,7 @@
 {
     "$schema": "https://json-schema.org/draft/2020-12/schema",
     "title": "Decision Point schema definition",
-    "$id": "https://github.com/CERTCC/SSVC/tree/main/data/schema/Decision_Point.schema.json",
+    "$id": "https://certcc.github.io/SSVC/data/schema/Decision_Point.schema.json",
     "description": "Decision points are the basic building blocks of SSVC decision functions. Individual decision points describe a single aspect of the input to a decision function.",
     "type": "object",
     "additionalProperties": false,

data/schema/Decision_Point_Group.schema.json

@@ -1,7 +1,7 @@
 {
     "$schema": "https://json-schema.org/draft/2020-12/schema",
     "title": "Decision Points Group schema definition",
-    "$id": "https://github.com/CERTCC/SSVC/tree/main/data/schema/Decision_Point_Group.schema.json",
+    "$id": "https://certcc.github.io/SSVC/data/schema/Decision_Point_Group.schema.json",
     "type": "object",
     "additionalProperties": false,
     "properties": {
@@ -22,51 +22,7 @@
             "additionalProperties": false,
             "type": "array",
             "items": {
-                "type": "object",
-                "properties": {
-                    "namespace": {
-                        "type": "string",
-                        "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point"
-                    },
-                    "version": {
-                        "type": "string",
-                        "description": "Version (a semantic version string) that identifies this object"
-                    },
-                    "key": {
-                        "type": "string",
-                        "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
-                    },
-                    "name": {
-                        "type": "string",
-                        "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
-                    },
-                    "description": {
-                        "type": "string",
-                        "description": "Description of the Decision Point or the Group of Decision Points."
-                    },
-                    "values": {
-                        "description": "Decision Point Values are valid results from a Decision Point",
-                        "uniqueItems": true,
-                        "type": "array",
-                        "items": {
-                            "type": "object",
-                            "properties": {
-                                "key": {
-                                    "type": "string",
-                                    "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
-                                },
-                                "name": {
-                                    "type": "string",
-                                    "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
-                                },
-                                "description": {
-                                    "type": "string",
-                                    "description": "Description of the Decision Point or the Group of Decision Points."
-                                }
-                            }
-                        }
-                    }
-                }
+		"$ref": "https://certcc.github.io/SSVC/data/schema/Decision_Point.schema.json"
             }
         }
     },

data/schema/SSVC_Computed.schema.json

@@ -1,6 +1,6 @@
 {
     "$schema": "https://json-schema.org/draft/2020-12/schema",
-    "$id": "https://democert.org/ssvc/SVC_Computed_v2.03.schema.json",
+    "$id": "https://certcc.github.io/SSVC/data/schema/SSVC_Computed.schema.json",
     "title": "Computed SSVC score representing the path in the decision tree",
     "description": "This schema represents the full path in the decision tree taken by an analyst with a specific role.  The representation of the full decision tree is optional",
     "type": "object",
@@ -10,17 +10,28 @@
 	    "description": "An optional short vector representation of a SSV computed decision score.  This will be useful in providing permalink and other ways to provide quick read and access to a SSVC decision made"
 
 	},
+	"outcome": {
+	    "description": "This entry provides a list of potential outcomes once a Decision Tree were used to evaluate a vulnerability (or multiple) by a organization/person representing a Role",
+	    "type": "object",
+	    "patternProperties": {
+		".*" : {
+		    "type": "array",
+		    "items": {
+			"type": "string"
+		    }
+		}
+	    },
+	    "maxProperties": 1,
+	    "additionalProperties": false
+	},
 	"options": {
-	    "type": "array",
-
-	    "items": {
-		"type": "object",
-		"patternProperties": {
-		    ".*": {
-			"type": ["array","string"],
-			"items": {
-			    "type": "string"
-			}
+	    "description": "These entries list the Options that were evaluated by a organization/person representing a Role",
+	    "type": "object",
+	    "patternProperties": {
+		".*" : {
+		    "type": "array",
+		    "items": {
+			"type": "string"
 		    }
 		}
 	    },
@@ -42,7 +53,7 @@
 	},
 	"decision_tree": {
 	    "description": "The full decision tree that was used for this SSVC computed score",
-	    "$ref": "https://democert.org/ssvc/SSVC_Provision_v2.03.schema.json"
+	    "$ref": "https://certcc.github.io/SSVC/data/schema/SSVC_Provision.schema.json"
 	},
 	"id": {
 	    "type": "string",
@@ -53,7 +64,7 @@
 	    "format": "uri",
 	    "description": "A URL that points to the decision tree that was used to make this \"Computed\" decision"
 	},
-	"$schema": {
+	"schema": {
 	    "type": "string",
 	    "format": "uri",
 	    "description": "A URL that points to the schema that was used for the decision tree that was used to make this \"Computed\" decision"

data/schema/SSVC_Provision.schema.json

@@ -1,105 +1,11 @@
 {
     "$schema": "https://json-schema.org/draft/2020-12/schema",
-    "$id": "https://democert.org/ssvc/SSVC_Provision_v2.03.schema.json",
+    "$id": "https://certcc.github.io/SSVC/data/schema/SSVC_Provision.schema.json",
     "title": "Decision tree schema definition for SSVC",
     "description": "This provides a schema for a decision tree used to compute SSVC score for a vulnerability",
     "type": "object",    
-    "definitions": {
-        "decision_points": {
-	    "description": "Decision points are represented as an array of Nodes (in the decision tree language) in the decision tree, including the Root Node. Each decision point has a \"label\" with two or more \"options\" for each decision point",
-            "type": "array",
-            "items": {
-		"type": "object",
-                "properties": {
-                    "label": {
-			"description": "A short label that captures a short name of this Node",
-                        "type": "string",
-                        "maxLength": 255
-                    },
-                    "key": {
-			"description": "An optional short \"key\" that identified this \"descision_point\" in SSVC score vector form.  This is one or two letter(s) used in short-form vector representation of the SSVC score.",
-                        "maxLength": 2,
-                        "type": "string"
-                    },
-                    "options": {
-			"description": "This provides an array of choices that are relevant for leaving a Node in the decision tree to proceed to the next Node. ",
-                        "type": "array",
-                        "items": {
-                            "type": "object",
-                            "properties": {
-                                "description": {
-				    "description": "This should provide full information about this \"option\" ",
-                                    "maxLength": 65535,
-                                    "type": "string"
-                                },
-                                "label": {
-				    "description": "A short label of this \"option\" or choice.",
-                                    "maxLength": 255,
-                                    "type": "string"
-                                },
-                                "key": {
-				    "description": "An optional short \"key\" that identified this \"decision_point\" in SSVC score vector form.  This is one or two letter(s) used in short-form vector representation of the SSVC score.",
-                                    "type": "string",
-                                    "maxLength": 2
-                                },
-				"color": {
-				    "description": "This is an optional color to represent the final edge node or final recommended action provided by the SSVC tree.  This is preferably predefined color names, or with RGB, HEX, HSL, RGBA, or HSLA values.",
-				    "type": "string",
-				    "maxLength": 127
-				}
-                            },
-                            "required": [
-                                "label",
-                                "description"
-                            ]
-                        },
-                        "minItems": 1,
-			"uniqueItems": true
-                    },
-                    "decision_type": {
-			"type": "string",
-                        "enum": [
-                            "complex",
-                            "simple",
-			    "final"
-                        ],
-			"description": "Decision Type is used to identify if this is a \"simple\" decision or a \"complex\" decision. The \"complex\" decisions can have \"child\" decisions under them. The \"final\" decision basically is the last node on the decision tree"
-                    },
-                    "children": {
-                        "type": "array",			
-			"description": "The children property is used to identify decision_points that are children of a parent decision_point. The child decision_point(s) should be declared BEFORE the parent decision_point is declared in the array of decision_points.  The children property should NOT be present if the decision_point is not a parent decision_point that is dependent on the the other (child)  decisions.",
-			"items": {
-			    "type": "object",
-			    "properties": {
-				"label": {
-				    "type": "string",
-				    "label": "The \"label\" property of a decision_point that identifies the child decision_point.  The identified decision_point should be declared with its label as provided here",
-				    "maxLength": 255
-				},
-				"key": {
-				    "type": "string",
-				    "label": "The \"key\" property of a decision_point that identifies the child decision_point.  The identified decision_point should be declared with its label as provided here.  This is optional for identifying a decision_point using a one-or-two alphabetic characters to identify the child decision_point",
-				    "maxLength": 2
-				}
-			    },
-			    "required": [
-				"label"
-			    ],
-			    "additionalProperties": false
-			}
-                    }
-                },
-		"required":[
-		    "label",
-		    "decision_type",
-		    "options"
-		]
-            },
-            "minItems": 1	    
-        }
-    },
     "properties": {
-	"decision_points": { "$ref": "#/definitions/decision_points" },
+	"decision_points": { "$ref": "https://certcc.github.io/SSVC/data/schema/Decision_Point_Group.schema.json#/properties/decision_points" },
         "decisions_table": {
             "type": "array",		
             "items": {

data/schema_examples/Computed-CVE-2014-0751-Coordinator-with-tree.json

@@ -1,31 +1,21 @@
 {
-  "role": "Coordinator",
-  "id": "CVE-2014-0751",
-  "version": "2.0.3",
-    "computed": "SSVCv2/E:A/V:S/T:T/P:M/B:A/M:M/D:A/2021-09-29T15:29:44Z/",
-    "timestamp":  "2021-09-29T15:29:44Z",
-  "options": [
-    {
-      "Exploitation": "active"
+    "role": "Coordinator",
+    "id": "CVE-2014-0751",
+    "version": "2.1.3",
+    "computed": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2021-09-29T15:29:44Z/",
+    "timestamp": "2021-09-29T15:29:44Z",
+    "options": 	{
+	    "Exploitation": ["active"],
+	    "Automatable": ["no"],
+	    "Technical Impact": ["total"],
+	    "Mission Prevalence": ["Minimal"],
+	    "Public Well-being Impact": ["Material"],
+	    "Mission & Well-being": ["medium"]
     },
-    {
-      "Automatable": "no"
+    "outcome": {
+	"Decision": ["Act"]
     },
-    {
-      "Technical Impact": "total"
-    },
-    {
-      "Mission Prevalence": "Minimal"
-    },
-    {
-      "Public Well-being Impact": "Material"
-    },
-    {
-      "Mission & Well-being": "medium"
-    }
-  ],
-  "$schema": "https://democert.org/ssvc/SSVC_Computed_v2.02.schema.json",
-  "decision_tree_url": "https://democert.org/ssvc/CISA-Coordinator-v2.0.3.json",
+    "decision_tree_url": "https://democert.org/ssvc/CISA-Coordinator-v2.0.3.json",
   "decision_tree": {
     "decision_points": [
       {
@@ -52,7 +42,7 @@
       },
       {
         "label": "Automatable",
-        "key": "V",
+        "key": "A",
         "decision_type": "simple",
         "options": [
           {
@@ -546,7 +536,7 @@
       }
     ],
     "lang": "en",
-    "version": "2.0.3",
+    "version": "2.0",
     "title": "CISA Coordinator v2.0.3"
   }
 }

data/schema_examples/Computed-CVE-2014-0751-Coordinator.json

@@ -1,29 +1,17 @@
 {
     "role": "Coordinator",
     "id": "CVE-2014-0751",
-    "version": "2.0.3",
-    "computed": "SSVCv2/E:A/V:S/T:T/P:M/B:A/M:M/D:A/2021-09-29T15:29:44Z/",
+    "version": "2.1.3",
+    "computed": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2021-09-29T15:29:44Z/",
     "timestamp": "2021-09-29T15:29:44Z",
-    "options": [
-	{
-	    "Exploitation": "active"
-	},
-	{
-	    "Automatable": "no"
-	},
-	{
-	    "Technical Impact": "total"
-	},
-	{
-	    "Mission Prevalence": "Minimal"
-	},
-	{
-	    "Public Well-being Impact": "Material"
-	},
-	{
-	    "Mission & Well-being": "medium"
-	}
-    ],
-    "$schema": "https://democert.org/ssvc/SSVC_Computed_v2.0.3.schema.json",
+    "options": 	{
+	    "Exploitation": ["active"],
+	    "Automatable": ["no"],
+	    "Technical Impact": ["total"],
+	    "Mission Prevalence": ["Minimal"],
+	    "Public Well-being Impact": ["Material"],
+	    "Mission & Well-being": ["medium"]
+    },
+    "outcomes": ["Act"],
     "decision_tree_url": "https://democert.org/ssvc/CISA-Coordinator-v2.0.3.json"
 }

docs/data

@@ -0,0 +1 @@
+../data

docs/ssvc-calc/css.css

@@ -1,4 +1,8 @@
-/* css version 2.2.8 */
+/* css version 2.2.9 */
+#helper {
+    background-color: rgba(255,255,255,0.95);
+    border: 1px solid grey;
+}
 .ssvcvector {
     color: #7d1d1d;
 }

docs/ssvc-calc/findex.html

@@ -319,7 +319,7 @@ <h5> Public Well-being Impact Decision Values</h5>
       <h5>
 	Stakeholder-Specific Vulnerability Categorization (SSVC)
       </h5>
-      <span class="text-muted">version 2 (October 2020) </span>
+      <span class="text-muted">Introduction </span>
       <hr style="background-color:#9f9f9f"/>
       <div style="text-align:left">
 	<h4>Introduction:</h4>