impactStatement

Summary

Explains why a VEX product is not affected by a vulnerability. It is an alternative in VexNotAffectedVulnAssessmentRelationship to the machine-readable justification label.

Description

When a VEX product element is related with a VexNotAffectedVulnAssessmentRelationship and a machine readable justification label is not provided, then an impactStatement that further explains how or why the prouct(s) are not affected by the vulnerability must be provided.

Metadata

https://spdx.org/rdf/3.0.0/terms/Security/impactStatement


Name	impactStatement
Nature	DataProperty
Range	xsd:string

Referenced

/Security/VexNotAffectedVulnAssessmentRelationship