vulntology icon indicating copy to clipboard operation
vulntology copied to clipboard

Published 20 hours ago verified publisher icon usnistgov

Consider adding Threat mechanisms

Open Chris-Turner-NIST opened this issue 5 years ago • 1 comments

User Story:

Currently there are no assignable values to assist with establishing current threat levels of a given vulnerability. What can we capture within the Vulntology to better represent these data points?

Possible Data of interest:

  • Temporal concepts
    • Patches available
    • Exploits available
  • Exposure mechanisms
    • Count within environment/world
    • Usage of platform within environment/world
  • Recovery effort if exploited

Goals:

Establish consistent location for threat information within the model Consider previous and currently discussed Temporal/Threat concepts from CVSS SIG and other organizations and include as objects or properties to existing objects.

Dependencies:

N/A

Acceptance Criteria

  • [ ] All readme documentation affected by the changes in this issue have been updated.
  • [ ] A Pull Request (PR) is submitted that addresses the goals of this User Story. This issue is referenced in the PR. If the PR only partially addresses a given User Story, the specific goals addressed are identified in the PR.
  • [ ] All current graphs, visuals and figures updated to reflect new objects/properties

Chris-Turner-NIST avatar Sep 03 '19 12:09 Chris-Turner-NIST

We should take a look at MITRE ATT&CK.

david-waltermire avatar Dec 04 '19 18:12 david-waltermire