Skip to content

Acknowledgements

The SSVC team would first like to acknowledge the valuable contributions of previous authors who have worked on earlier versions of SSVC: Eric Hatleback, Bon Jin Koo, Art Manion, Madison Oliver, Deana Shick, and Jonathan Spring.

SSVC began as a series of papers before we created this site. Earlier versions were written by:
[1] J. M. Spring, E. Hatleback, A. D. Householder, A. Manion, and D. Shick, "Towards Improving CVSS," Software Engineering Institute, Carnegie Mellon University, Dec. 2018. [Online]. Available: https://github.com/CERTCC/SSVC/blob/main/pdfs/2018_019_001_538372.pdf
[2] J. M. Spring, E. Hatleback, A. D. Householder, A. Manion, and D. Shick, "Prioritizing Vulnerability Response: a Stakeholder-Specific Vulnerability Categorization," Software Engineering Institute, Carnegie Mellon University, Nov. 2019. [Online]. Available: https://github.com/CERTCC/SSVC/blob/main/pdfs/2019_019_001_636391.pdf
[3] J. M. Spring, E. Hatleback, A. D. Householder, A. Manion, and D. Shick, "Prioritizing Vulnerability Response: a Stakeholder-Specific Vulnerability Categorization (Version 1.1)," Software Engineering Institute, Carnegie Mellon University, Dec. 2020. [Online]. Available: https://github.com/CERTCC/SSVC/blob/main/pdfs/weis20-final6.pdf
[4] J. M. Spring, A. D. Householder, E. Hatleback, A. Manion, M. Oliver, V. Sarvepalli, L. Tyzenhaus, and C. Yarbrough, "Prioritizing Vulnerability Response: a Stakeholder-Specific Vulnerability Categorization (Version 2.0)," Software Engineering Institute, Carnegie Mellon University, Apr. 2021. [Online]. Available: https://github.com/CERTCC/SSVC/blob/main/pdfs/2021_019_001_653461.pdf
[5] J. M. Spring, E. Hatleback, A. D. Householder, V. Sarvepalli, L. Tyzenhaus, and C. Yarbrough, "Prioritizing Vulnerability Response: a Stakeholder-Specific Vulnerability Categorization (SSVC) version 2.1.0-edb6c97," Software Engineering Institute, Carnegie Mellon University, Sep. 2023. [Online]. Available: https://github.com/CERTCC/SSVC/blob/main/pdfs/ssvc_2_1_draft.pdf

The SSVC team thanks the contributors to the SSVC project on GitHub as well as the following individuals for helpful comments on earlier versions (listed in alphabetical order): Muhammad Akbar, Will Dormann, Manish Gaur, Ralph Langer, David Oxley, Dale Peterson, Bernhard Reiter, Thomas Schmidt, Jeroen van der Ham, Michel van Eeten, and Sounil Yu.

The SSVC team also thanks those others too numerous to name individually who provided comments and feedback, including: Attendees at S4, Miami FL 2020; Attendees at A Conference on Defense (ACoD), Austin TX 2020; Anonymous WEIS reviewers; Various staff members and analysts at CERT/CC, CISA, McAfee, and VMWare; FIRST CVSS SIG and EPSS SIG members; OASIS CSAF TC; and others who wish to remain anonymous.