Skip to content

Unify vocabulary usage between vuln management and handling #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mrybczyn wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Unify vocabulary usage between vuln management and handling #26

mrybczyn wants to merge 2 commits into from

Conversation

@mrybczyn
Copy link

@mrybczyn mrybczyn commented Apr 22, 2025

"Vulnerability handling" is a term frequently used to signify the process of resolving the vulnerability, while the disclosure is another process. This document covers both, so we prefer to use the general term "vulnerability management" in the general case.

@mrybczyn
spec.md: unify vocabulary usage between vuln management and handling
2916540 
"Vulnerability handling" is a term frequently used to signify the process of
resolving the vulnerability, while the disclosure is another process. This document
covers both, so we prefer to use the general term "vulnerability management"
in the general case.

Signed-off-by: Marta Rybczynska <[email protected]>
@mrybczyn mrybczyn mentioned this pull request Apr 22, 2025
Open
@rjb4standards
Copy link

rjb4standards commented Apr 22, 2025

100% agree - Vulnerability Management covers both vulnerability handling, i.e. coordinated vulnerability disclosure processing by a vendor and vulnerability disclosure reporting from a vendor to a consumer of a confirmed vulnerability..

@tobie
Copy link
Contributor

tobie commented Apr 22, 2025

Suggest fixing the README in the same PR too.

@mrybczyn
Copy link
Author

mrybczyn commented Apr 28, 2025

Suggest fixing the README in the same PR too.

Well spotted! I'm updating the PR

@mrybczyn
README: update vocabulary
37e3302 
Unify vocabulary between vulnerability management (preferred) and handling
(more specific).

Signed-off-by: Marta Rybczynska <[email protected]>
@mrybczyn
Copy link
Author

mrybczyn commented May 7, 2025

@mbarbero @tobie PR updated

@mrybczyn mrybczyn changed the title spec.md: unify vocabulary usage between vuln management and handling Unify vocabulary usage between vuln management and handling May 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tobie tobie tobie approved these changes

+2 more reviewers

@raboof raboof raboof approved these changes

@trumant trumant trumant approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mrybczyn @rjb4standards @tobie @raboof @trumant