Adopting alternative terms used in SSVC to better support business, enterprise and open source adoption #659
Replies: 1 comment
-
|
Hello Phillipe Thanks for this feedback. I think you may have already read our Customizing SSVC page in our new website. If not, it is worth a quick look about some of the suggestion. https://certcc.github.io/SSVC/howto/tree_customization/. There is some information the "Stakeholders Agnostic" vs "Stakeholder Specific" Decision Points discussed a little. Practically, one can fork the current Decision Point with same, similar or entirely new definitions (especially for the "Stakeholder Specific" scope) using the |
Beta Was this translation helpful? Give feedback.
-
Some terms in SSVC may not make general sense, especially for non-government, non-DOD adopters.
For instance "Mission" feels odd to me whether in a business or open source project context. Same for "Public Well-Being". These terms being strange to me, this mean they are hindering my own adoption, and the adoption in my open source tools and maybe adoption by others too.
And acronyms like "MEFs" (which I guess means Mission Essential Functions) may be well understood in the US military, but are unlikely generally obvious elsewhere.
I wonder if you would be open to replace some terms, or at least support aliases? I cannot see me explaining over and over again what these mean and why they exist (because of the history of SSVC).
At the moment, I find this is a hurdle to "enterprise" adoption.
Here I could see how "Mission" could be aliased to something like "Operation" and "Public Well-Being" to "Organization". Or something else.
Also "Crippled" is a bit of an odd term to me in the SSVC context, and it could benefit from an alternative?
Opening the discussion!
Beta Was this translation helpful? Give feedback.
All reactions