From d94357c65c5372668c6d9ef103ccbe6a30606dd4 Mon Sep 17 00:00:00 2001 From: orf Date: Mon, 2 Nov 2015 20:24:19 +0000 Subject: [PATCH] Update readme.md --- docs/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/readme.md b/docs/readme.md index f60c074..75cb03c 100644 --- a/docs/readme.md +++ b/docs/readme.md @@ -1,6 +1,6 @@ # Code -I've had the misfortune of having to write several CVSS libraries in Python, this is my latest attempt at one that is tested and re-usable. Due to the nature of the CVSS v2 and v3 specifications (terrible 'reference code', huge amount of state and fiddly maths + corner cases) the current open source Python libraries for manipulating cvss are somewhat terrible and unmaintained. The only current implementation of v3 [has a (broken) 300 line function full of conditionals to handle vectors](https://github.com/toolswatch/pycvss3/blob/master/lib/pycvss3.py#L36), and while [some that implement v2](https://github.com/esn89/cvss-v2-calc) have better code quality they still lack tests and an importable API. There are a couple that are quite nice, including (cvss_util)[https://bitbucket.org/asecurityteam/cvss_util] +I've had the misfortune of having to write several CVSS libraries in Python, this is my latest attempt at one that is tested and re-usable. Due to the nature of the CVSS v2 and v3 specifications (terrible 'reference code', huge amount of state and fiddly maths + corner cases) the current open source Python libraries for manipulating cvss are somewhat terrible and unmaintained. The only current implementation of v3 [has a (broken) 300 line function full of conditionals to handle vectors](https://github.com/toolswatch/pycvss3/blob/master/lib/pycvss3.py#L36), and while [some that implement v2](https://github.com/esn89/cvss-v2-calc) have better code quality they still lack tests and an importable API. There are a couple that are quite nice, including [cvss_util](https://bitbucket.org/asecurityteam/cvss_util) There is also a lack of a useful reference implementation. There is an official calculator for v2 and v3, but these are useless for automated testing. The v3 is all in JavaScript (and unpublished I might add, so you have to dig through the undocumented page JS), and you would need to screen-scrape the NIST website to automate the v2 calculator. Eww.