vulntology icon indicating copy to clipboard operation
vulntology copied to clipboard

Published 20 hours ago verified publisher icon usnistgov

Research: How does MITRE D3FEND relate to Vulntology?

Open Chris-Turner-NIST opened this issue 2 years ago • 4 comments

https://d3fend.mitre.org/

Chris-Turner-NIST avatar Apr 12 '22 19:04 Chris-Turner-NIST

This is a very timely request, because at the moment, D3FEND ontology doesn't seem to have Vulnerability related classes: https://d3fend.mitre.org/ontologies/d3fend.ttl

Vulntology would be a perfect compliment to D3FEND. Being able to access Vulntology as a TTL or OWL would really help.

ag0x00 avatar Apr 15 '22 17:04 ag0x00

Hello,

We (MITRE D3FEND) are trying to standardize the names of components in a system, we call these digital artifacts. We'd be interested in aligning vocabularies where possible to enable compatibility.

D3FEND has over 400 digital artifacts defined, and we are adding quite a bit more. These are arranged in a classification taxonomy, and then related to one another semantically, all with definitions etc.

Let us know if we can help.

Peter

netfl0 avatar Apr 25 '22 19:04 netfl0

@netfl0 Do you have some specific suggestions about where we can work to align these efforts?

david-waltermire avatar Apr 25 '22 19:04 david-waltermire

@david-waltermire-nist , the context concept jumped out at me in particular. We have modeled various elements like Application, Firmware, Hardware, Channel and many more in the D3FEND ontology. They all have definitions and relationships specified. That might be an area of alignment.

You can view some of them on the D3FEND website, but you need to open the ontology file in order to see them all.

netfl0 avatar Apr 26 '22 14:04 netfl0