From d905869f94d6cc5abe67bd996c9573cb1883f73d Mon Sep 17 00:00:00 2001 From: Simon John Date: Wed, 20 Mar 2024 13:30:03 +0000 Subject: [PATCH] Updated CVSS 4+ wording Removed FIPS bit, added mitigations etc. --- docs/extended-lifecycle-support/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/extended-lifecycle-support/README.md b/docs/extended-lifecycle-support/README.md index 97fe0637..32339efb 100644 --- a/docs/extended-lifecycle-support/README.md +++ b/docs/extended-lifecycle-support/README.md @@ -6,11 +6,11 @@ Our ELS service is designed to provide solutions for organizations that are not ### Vulnerability coverage -TuxCare employs the Common Vulnerability Scoring System (CVSS v3) to assess the severity of security vulnerabilities. Our severity rating system for patching vulnerabilities integrates both NVD scoring and vendor scoring (when available). When the vendor's score is lower than the NVD score, we give priority to the NVD score. +TuxCare employs the Common Vulnerability Scoring System (CVSS v3) to assess the severity of security vulnerabilities. Our severity rating system for patching vulnerabilities integrates both NVD scoring and vendor scoring (when available). When the vendor's score is lower than the NVD score, we give priority to the NVD score. -TuxCare Extended Lifecycle Support automatically provides security patches for High and Critical vulnerabilities with CVSS scores of 7+. For Medium-severity vulnerabilities (CVSS scores 4.0 to 6.9), TuxCare actively monitors and selectively patches those with potentially underrated CVE impacts and/or risks to TuxCare customers. +TuxCare Extended Lifecycle Support, by default, provides security patches for High and Critical vulnerabilities (with a 7+ CVSS score). For vulnerabilities rated as Medium (4.0 to 6.9), TuxCare can provide patches for CVE's where mitigations are not available and there is sufficient customer demand. -Custom coverage options include patches for FIPS-certified deployments and a 10-pack of customer-selected patches for CVEs outside the standard ELS scope. For detailed information on these coverage options and their pricing, please contact our sales team +Custom coverage options are available, including a 10-pack of customer-directed patches for clients who need CVEs patched outside of the ELS scope. Specific details regarding these coverage options and their pricing can be obtained by contacting our sales team. ### Target response times