Roberto Polli

Results 390 comments of Roberto Polli

Good question :) I need to work on it.

Moreover, the Summary of recommendations should not duplicate mandatory text. I'd replace it with a table referencing the actual spec sections.

@netfl0
> Source Code Hardening as a sibling to Application Hardening

SourceCodeHardening subClassOf ApplicationHardening ?

> enumerate the essential categories of tests the DAST and SAST tools run since some...

This guide details the following mitigations:
- Scan containers and Pods for vulnerabilities or misconfigurations. d3f:ApplicationHardening, d3f:ApplicationConfigurationHardening `?SystemConfigurationHardening != d3f:SystemInitConfigAnalysis`
- Run containers and Pods with the least privileges possible....

### SystemConfigurationHardening is missing
>> Scan containers and Pods for vulnerabilities or misconfigurations.
>> d3f:ApplicationHardening, d3f:ApplicationConfigurationHardening
> Very broad directive, I agree with classifications

Currently we don't have a preventive...

@netfl0 for RFC I suggest adding actionable articles/kb, especially in the security field. Referencing old specs risks spreading legacy information. Consider that people interested in older RFC content...

> keeping track of all the "latest and greatest" guidance is a lot of overhead we can't support at the moment while we might "script it" (e.g., for RFC), it...

Further information. ContainerImage analysis and BOM generation is related to https://next.d3fend.mitre.org/technique/d3f:ServiceBinaryVerification/

@Glenn1963l I identified similar mapping:
- Identify: no mapping
- Protect: d3f:Harden, d3f:Isolate
- Detect: d3f:Detect
- Respond: d3f:Evict
- Recover: no mapping

Not sure about Detect -> d3f:Deceive, but it can be ok. Do...

@aamedina interesting. Since it refers to RFC2616 it would be useful to review and ensure that https://www.w3.org/TR/HTTP-in-RDF10/ is consistent with RFC9110 though. HTTP is about semantics and abstracts concepts from...