vulntology
Entity Role requires addition for System of Interest concept
Reasoning: Currently, Entity Role's purpose is for defining relevant security boundaries across existing assessment systems. This change will enable tracking of these boundaries using the concept of System of Interest. (Used by CVSS v4.0 and SSVC 2.0)
CVSS v4.0 will release towards the end of 2023 (slated for 10/31/23 at the moment). SSVC v2.0 has been released since 2020.
Areas to enhance:
- [ ] Data Model - Entity Role
  - website/content/specification/values/entity-role.md
  - ADD System of Interest: See CVSS v4.0 Section ?? for a full explanation of System of Interest
    - Vulnerable: Associated Context is considered to contain the vulnerability.
    - Subsequent: Associated Context is where impacts of the vulnerability are realized. The Subsequent System may or may not be the Vulnerable System.
- [ ] JSON Schema
  - https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/schema/vulntology-json-schema-1.0-draft.json#L200-L208
  - ADD
    "System of Interest::Vulnerable",
    "System of Interest::Subsequent",
- [ ] Overall Graph https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/vulntology-graph.png
- [ ] Graph Snippets
  - https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/graphsnippets/EntityRoleSnippet.png
  - https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/graphsnippets/ActionSnippet.png
  - https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/graphsnippets/ContextSnippet.png
  - https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/graphsnippets/ImpactMethodSnippet.png
  - https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/graphsnippets/VulnerabilitySnippet.png