Skip to content

About SSVC

SSVC presents a method for suppliers, deployers, and coordinators to use to prioritize their effort to mitigate vulnerabilities. We have built on previous SSVC versions through public presentation and feedback, private consultation, and continued analyst testing. The evaluation process we developed in version 1 remains an important part of continued improvement of SSVC, and will be used to continue refinements of SSVC going forward. We invite participation and further refinement of the prioritization mechanism from the community as well, such as by posting an issue. We endeavored to be transparent about our process and provide justification for design decisions.

We invite questions, comments, and further community refinement in moving forward with a transparent and justified vulnerability prioritization methodology that is inclusive for the various stakeholders and industries that develop and use information and computer technology.