git.stella-ops.org/docs/product-advisories/29-Nov-2025 - CVSS v4.0 Momentum in Vulnerability Management.md
StellaOps Bot 18d87c64c5 feat: add PolicyPackSelectorComponent with tests and integration
- Implemented PolicyPackSelectorComponent for selecting policy packs.
- Added unit tests for component behavior, including API success and error handling.
- Introduced monaco-workers type declarations for editor workers.
- Created acceptance tests for guardrails with stubs for AT1–AT10.
- Established SCA Failure Catalogue Fixtures for regression testing.
- Developed plugin determinism harness with stubs for PL1–PL10.
- Added scripts for evidence upload and verification processes.
2025-12-05 21:24:34 +02:00

29-Nov-2025 · CVSS v4.0 Momentum in Vulnerability Management

Why now: Vendors (NVD, GitHub, Microsoft, Snyk) are shipping CVSS v4 signals; StellaOps needs awareness to align receipts, reporting, and UI before defaulting to v4 everywhere.

Scope

  • Brief on adoption signals and compatibility risks when mixing v3.1/v4.
  • Map impacts to receipt schemas (SPRINT_0190_0001_0001_cvss_v4_receipts.md).
  • Identify quick UI/reporting deltas required for transparency.

Required artefacts (MVP for DONE)

  • This briefing plus linkage in docs/product-advisories/ADVISORY_INDEX.md (already indexed).
  • Note in sprint Decisions & Risks for CVSS receipts sprints; ensure SPRINT_0300 tracker row 15 records completion.

Determinism & Offline

  • Keep CVSS vector parsing deterministic; pin scoring library versions in receipts.
  • Avoid live API dependency; rely on mirrored NVD feeds or frozen samples.
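As an added example (not code from this advisory or from StellaOps), a small deterministic CVSS base-vector parser and receipt builder in Python. It covers both the mixing risk from the Scope section and the determinism points above: it accepts v3.1 and v4.0 base vectors, validates each metric against the allowed values from the respective specification, canonicalises metric order so that the same vector always yields the same receipt digest, records a pinned parser version in the receipt (`PARSER_VERSION` is a placeholder, not a StellaOps value), and refuses to treat a v3.1 receipt and a v4.0 receipt as comparable on one scale. Base metrics only; threat, environmental and supplemental metric groups are out of scope here.

```python
import hashlib
import json
import re

# Placeholder for the pinned scoring/parsing library version written into every
# receipt (assumption for this example, not a real StellaOps identifier).
PARSER_VERSION = "cvss-parser/0.1.0-example"

# Required base metrics, in specification order, with their allowed values
# (CVSS v3.1 and CVSS v4.0 base metric groups).
BASE_METRICS = {
    "3.1": {
        "AV": {"N", "A", "L", "P"}, "AC": {"L", "H"}, "PR": {"N", "L", "H"},
        "UI": {"N", "R"}, "S": {"U", "C"},
        "C": {"H", "L", "N"}, "I": {"H", "L", "N"}, "A": {"H", "L", "N"},
    },
    "4.0": {
        "AV": {"N", "A", "L", "P"}, "AC": {"L", "H"}, "AT": {"N", "P"},
        "PR": {"N", "L", "H"}, "UI": {"N", "P", "A"},
        "VC": {"H", "L", "N"}, "VI": {"H", "L", "N"}, "VA": {"H", "L", "N"},
        "SC": {"H", "L", "N"}, "SI": {"H", "L", "N"}, "SA": {"H", "L", "N"},
    },
}


def parse_vector(vector: str) -> dict:
    """Parse a CVSS v3.1 or v4.0 base vector into {"version": ..., "metrics": {...}}.

    Rejects unknown versions, non-base or duplicate metrics, invalid values
    and vectors that omit a required base metric. No scoring is done here.
    """
    parts = vector.strip().split("/")
    match = re.fullmatch(r"CVSS:(\d\.\d)", parts[0])
    if not match or match.group(1) not in BASE_METRICS:
        raise ValueError(f"unsupported or missing CVSS version prefix: {parts[0]!r}")
    version = match.group(1)
    allowed = BASE_METRICS[version]
    metrics: dict = {}
    for part in parts[1:]:
        if ":" not in part:
            raise ValueError(f"malformed metric: {part!r}")
        key, value = part.split(":", 1)
        if key not in allowed:
            raise ValueError(f"metric {key!r} is not a CVSS v{version} base metric")
        if key in metrics:
            raise ValueError(f"duplicate metric {key!r}")
        if value not in allowed[key]:
            raise ValueError(f"invalid value {value!r} for metric {key}")
        metrics[key] = value
    missing = [k for k in allowed if k not in metrics]
    if missing:
        raise ValueError(f"missing base metrics for CVSS v{version}: {missing}")
    return {"version": version, "metrics": metrics}


def is_valid_vector(vector: str) -> bool:
    """True if the vector parses as a complete v3.1 or v4.0 base vector."""
    try:
        parse_vector(vector)
        return True
    except ValueError:
        return False


def canonical_vector(parsed: dict) -> str:
    """Re-serialise metrics in specification order so input order never changes the output."""
    version = parsed["version"]
    ordered = "/".join(f"{k}:{parsed['metrics'][k]}" for k in BASE_METRICS[version])
    return f"CVSS:{version}/{ordered}"


def make_receipt(vector: str) -> dict:
    """Build a receipt: version, canonical vector, pinned parser version and a digest
    over a canonical JSON encoding (sorted keys, no whitespace) of those fields."""
    parsed = parse_vector(vector)
    receipt = {
        "cvss_version": parsed["version"],
        "vector": canonical_vector(parsed),
        "parser_version": PARSER_VERSION,
    }
    encoded = json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode("utf-8")
    receipt["digest"] = hashlib.sha256(encoded).hexdigest()
    return receipt


def comparable(receipt_a: dict, receipt_b: dict) -> bool:
    """v3.1 and v4.0 scores are not on the same scale; only same-version receipts compare."""
    return receipt_a["cvss_version"] == receipt_b["cvss_version"]


if __name__ == "__main__":
    # Constructed sample vectors (not taken from any real advisory).
    v4 = "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
    v31 = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
    print(json.dumps(make_receipt(v4), indent=2))
    print("comparable:", comparable(make_receipt(v4), make_receipt(v31)))
```

The digest covers the pinned parser version as well as the canonical vector, so a receipt produced after a library bump will not silently collide with an earlier one, and a v3.1 receipt can never be mistaken for a v4.0 one during reporting.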

Next actions

  • Cross-link to receipts schema draft; add Execution Log entry when briefing is published.