Skip to content

Stakeholder-Specific Vulnerability Categorization

SSVC stands for A Stakeholder-Specific Vulnerability Categorization. It is a methodology for prioritizing vulnerabilities based on the needs of the stakeholders involved in the vulnerability management process. SSVC is designed to be used by any stakeholder in the vulnerability management process, including finders, vendors, coordinators, deployers, and others.

TODO remove this warning when the site is ready

Work in Progress

This website is a work in progress. While it is intended to eventually be the official documentation for SSVC, it is not yet complete. For the latest version of SSVC documentation, see the GitHub repository.

Where to go from here

We have organized the SSVC documentation into four main sections:

  • Get Started with SSVC

    Get started learning about SSVC and how it can help you prioritize vulnerabilities. This section is intended for people who are new to SSVC.

    Learning SSVC

  • Learn More about SSVC

    Dig deeper to understand the SSVC methodology and how it works. This section is intended for people who are already familiar with SSVC and want to learn more.

    Understanding SSVC

  • SSVC How To

    Start using SSVC in your organization today with step-by-step instructions. This section is intended for people who are already familiar with SSVC and want to start using it.

    SSVC How To

  • SSVC Reference

    Reference documentation for SSVC. This section is intended for people who are already familiar with SSVC and want to look up specific details.

    Reference