A grouped advisory is a group of multiple advisories which share common identifiers and have the same packages in their affected and fixing ranges.
We need to decide what information shall be stored on a grouped advisory and how it shall be calculated.
Current info we store/show:
- identifier - AVID of primary advisory
- aliases - aliases of all advisories
- risk_score - min(exploitability * weighted_severity, 10.0)
- weighted_severity - max severity of an advisory
- exploitability - max exploitability of an advisory
- summary - summary only of primary advisory
- ssvc_trees - all SSVC trees
- fixed_by_packages - they are already the same for all advisories
TBD
- references
- weaknesses
- severities
We need to define this
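The currently defined fields, computed for a two-member group. This is an added example, not the project's own code: the `Advisory` class, the `group_advisories` function, numeric scores and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Advisory:
    # Hypothetical shape; field names follow the list above.
    avid: str
    aliases: list
    summary: str
    weighted_severity: float
    exploitability: float
    ssvc_trees: list = field(default_factory=list)
    fixed_by_packages: frozenset = frozenset()


def group_advisories(primary, others):
    """Build the grouped record from a primary advisory and the other members."""
    members = [primary, *others]
    # Grouping assumes every member has the same fixed_by_packages.
    if any(m.fixed_by_packages != primary.fixed_by_packages for m in members):
        raise ValueError("members do not share the same fixed_by_packages")
    severity = max(m.weighted_severity for m in members)
    exploitability = max(m.exploitability for m in members)
    trees = []
    for m in members:  # keep every SSVC tree once, in member order
        trees.extend(t for t in m.ssvc_trees if t not in trees)
    return {
        "identifier": primary.avid,   # AVID of the primary advisory
        "aliases": sorted({a for m in members for a in m.aliases}),
        "risk_score": min(exploitability * severity, 10.0),
        "weighted_severity": severity,
        "exploitability": exploitability,
        "summary": primary.summary,   # summary of the primary advisory only
        "ssvc_trees": trees,
        "fixed_by_packages": primary.fixed_by_packages,
    }


# Constructed sample data (placeholder identifiers, not real advisories).
PKGS = frozenset({"pkg:pypi/example@1.2.3"})
SAMPLE_A = Advisory("AVID-EXAMPLE-1", ["CVE-0000-0001", "GHSA-xxxx-xxxx-0001"],
                    "Constructed summary A", 9.0, 0.5, ["tree-a"], PKGS)
SAMPLE_B = Advisory("AVID-EXAMPLE-2", ["CVE-0000-0001"],
                    "Constructed summary B", 4.0, 2.0, ["tree-b"], PKGS)

if __name__ == "__main__":
    print(group_advisories(SAMPLE_A, [SAMPLE_B]))
```

In this sample the two maxima come from different members, so the grouped risk_score (capped at 10.0) is higher than either member's own exploitability * weighted_severity (4.5 and 8.0).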