Merge branch 'main' into 582-dockerize-the-mkdocs-dev-server

Author: ahouseholder

docs/_includes/automatable_cvss_ssvc.md

@@ -0,0 +1,8 @@
+!!! tip "CVSS:Automatable vs SSVC:Automatable"
+
+    The [CVSS Automatable](../reference/decision_points/cvss/automatable.md) 
+    vector element was developed alongside the identically named
+    [Automatable](../reference/decision_points/automatable.md) decision point in
+    SSVC. We intend for these two decision points to be interchangeable.
+    The main difference is that the CVSS Automatable accomodates an explicit
+    _Not Defined_ value, whereas the SSVC Automatable does not.

docs/_includes/safety_cvss_ssvc.md

@@ -0,0 +1,15 @@
+!!! tip "CVSS:Safety vs SSVC:Public Safety Impact vs SSVC:Safety Impact"
+
+    The [CVSS Safety](../reference/decision_points/cvss/safety.md) vector element
+    is semantically interchangeable with the
+    [SSVC Public Safety Impact](../reference/decision_points/public_safety_impact.md)
+    decision point.
+    The main difference is that the [CVSS Safety](../reference/decision_points/cvss/safety.md)
+    vector element accomodates an explicit _Not Defined_ value, whereas the
+    [SSVC Public Safety Impact](../reference/decision_points/public_safety_impact.md)
+    does not.
+
+    The [SSVC Safety Impact](../reference/decision_points/safety_impact.md) decision point provides a higher-resolution view of the safety impact.
+    The [SSVC Public Safety Impact](../reference/decision_points/public_safety_impact.md) and
+    [CVSS Safety](../reference/decision_points/cvss/safety.md) decision points are
+    lower-resolution views of the safety impact.

docs/_includes/value_density_cvss_ssvc.md

@@ -0,0 +1,8 @@
+!!! tip "CVSS:Value Density vs SSVC:Value Density"
+
+    The [CVSS Value Density](../reference/decision_points/cvss/value_density.md)
+    vector element was developed alongside the identically named
+    [Value Density](../reference/decision_points/value_density.md) decision 
+    point in SSVC. We intend for these two decision points to be interchangeable.
+    The main difference is that the CVSS Value Density accomodates an explicit
+    _Not Defined_ value, whereas the SSVC Value Density does not.

docs/reference/decision_points/automatable.md

@@ -1,4 +1,4 @@
-# Automatable
+# Automatable (SSVC)
 
 ```python exec="true" idprefix=""
 from ssvc.decision_points.automatable import LATEST
@@ -12,6 +12,8 @@ print(example_block(LATEST))
     Automatable combines with [Value Density](./value_density.md) to inform 
     [Utility](./utility.md)
 
+{% include-markdown "../../_includes/automatable_cvss_ssvc.md" %}
+
 *Automatable* captures the answer to the question “Can an attacker reliably automate creating exploitation events for this vulnerability?”
 
 !!! question "What are Steps 1-4 of the Kill Chain?"

docs/reference/decision_points/cvss/attack_complexity.md

@@ -0,0 +1,21 @@
+# Attack Complexity
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.cvss.attack_complexity import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
+
+## Previous Versions
+
+Following are the previous versions of the decision point:
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.cvss.attack_complexity import VERSIONS
+from ssvc.doc_helpers import example_block
+
+versions = VERSIONS[:-1]
+for version in versions:
+    print(example_block(version))
+```

docs/reference/decision_points/cvss/attack_requirements.md

@@ -0,0 +1,8 @@
+# Attack Requirements
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.cvss.attack_requirements import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```

docs/reference/decision_points/cvss/attack_vector.md

@@ -0,0 +1,22 @@
+# Attack Vector
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.cvss.attack_vector import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
+
+## Previous Versions
+
+Following are the previous versions of the decision point:
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.cvss.attack_vector import VERSIONS
+from ssvc.doc_helpers import example_block
+
+versions = VERSIONS[:-1]
+for version in versions:
+    print(example_block(version))
+    print("\n---\n")
+```

docs/reference/decision_points/cvss/authentication.md

@@ -0,0 +1,22 @@
+# Authentication
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.cvss.authentication import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
+
+## Previous Versions
+
+Following are the previous versions of the decision point:
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.cvss.authentication import VERSIONS
+from ssvc.doc_helpers import example_block
+
+versions = VERSIONS[:-1]
+for version in versions:
+    print(example_block(version))
+    print("\n---\n")
+```

docs/reference/decision_points/cvss/automatable.md

@@ -0,0 +1,10 @@
+# Automatable (CVSS)
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.cvss.supplemental.automatable import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
+
+{% include-markdown "../../../_includes/automatable_cvss_ssvc.md" %}

docs/reference/decision_points/cvss/availability_impact.md

@@ -0,0 +1,22 @@
+# Availability Impact to the Vulnerable System
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.cvss.availability_impact import LATEST
+from ssvc.doc_helpers import example_block
+
+print(example_block(LATEST))
+```
+
+## Previous Versions
+
+Following are the previous versions of the decision point:
+
+```python exec="true" idprefix=""
+from ssvc.decision_points.cvss.availability_impact import VERSIONS
+from ssvc.doc_helpers import example_block
+
+versions = VERSIONS[:-1]
+for version in versions:
+    print(example_block(version))
+    print("\n---\n")
+```