Add `cve_issue` method to ImplementationIssue
Overview
During a security release, there are a few different issues for each security vulnerability. The Security Implementation Issue is used for development and release, the CVE issue is used for CVE generation by AppSec and also contains all of the content needed for the blog post.
Given a Security::ImplementationIssue
, we need a way to refer to it's related Security::CvesIssue
.
Proposal
Add a method #cves_issue
to Security::ImplementationIssue
that returns an instance of Security::CvesIssue
.
To find the CVE issue from the security implementation issue, we can look via the security vulnerability issue. The security vulnerability issue should be linked to the security implementation issue, and the CVE issue should be linked to the security vulnerability issue. Usually the CVE issue is listed on the security implementation issue too, but this usually happens late in the process, often two days before the security release, so while that could be a fallback strategy, we should stick with the link via the vulnerability issue.