vulntology
vulntology copied to clipboard
usnistgov
Development of the NIST vulnerability data ontology (Vulntology).
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.1 to 4.0.2. Release notes Sourced from actions/setup-node's releases. v4.0.2 What's Changed Add support for volta.extends by @ThisIsManta in actions/setup-node#921 Add support for arm64 Windows by @dmitry-shibanov...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file) from 4.0.1 to 5.0.0. Release notes Sourced from peter-evans/create-issue-from-file's releases. Create Issue From File v5.0.0 ⚙️ Updated runtime to Node.js 20 The action now requires a minimum version...
The [initial Sector of Interest list](https://github.com/usnistgov/vulntology/blob/master/specification/values/sector-of-interest-type.md) is less than complete. Does it make sense to use the [Critical Infrastructure Sectors](https://www.dhs.gov/critical-infrastructure-sectors) defined by Presidential Policy Directive 21 ([PPD-21](https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/presidential-policy-directive-critical-infrastructure-security-and-resil))?
Entity Role was created to support the concept of "Scope" within CVSS. CVSS has evolved a few times since this was originally added making multiple nuanced concepts that may or...
Reasoning: Currently, Entity Role's purpose is for defining relevant security boundaries across existing assessment systems. This change will enable tracking of these boundaries using the concept of System of Interest....
# User Story: Mermaid is a tool that can be used to visualize the Vulntology Graphs using text representations within GitHub. We may be able to leverage this tool to...
# User Story: The vulntology could possibly be used to describe vulnerabilities that might fall outside the qualifications established by common systems such as CVE. This could result in Vulntology...
# User Story: Organizations may care about impacts a vulnerability could cause that are not simply related to human injury or property destruction. A small list of possible categories was...
# User Story: Currently there are no assignable values to assist with establishing current threat levels of a given vulnerability. What can we capture within the Vulntology to better represent...
# User Story: Throughout the Vulnerability life cycle there are a series of events that would be valuable to track for historical, maintenance and academic purposes. Should we consider adding...