misp-taxonomies/vulnerability/machinetag.json

{
  "namespace": "vulnerability",
  "expanded": "vulnerability",
  "description": "A taxonomy for describing vulnerabilities (software, hardware, or social) on different scales or with additional available information.",
  "version": 1,
  "predicates": [
    {
      "value": "exploitability",
      "expanded": "Exploitability",
      "description": "Quantification of attack exploitability, providing a level of exploitation for the identified vulnerability.",
      "exclusive": true
    },
    {
      "value": "information",
      "expanded": "Information",
      "description": "Complementary information related to the vulnerability."
    }
  ],
  "values": [
    {
      "predicate": "exploitability",
      "entry": [
        {
          "value": "industrialised",
          "expanded": "Industrialised",
          "description": "Existing vulnerability with detailed attack methods; multiple tools are available for exploitation."
        },
        {
          "value": "customised",
          "expanded": "Customised",
          "description": "Existing vulnerability with a detailed attack approach and one known custom tool available for exploitation."
        },
        {
          "value": "documented",
          "expanded": "Documented",
          "description": "Existing vulnerability is documented with an attack approach, but tools for exploitation are not available."
        },
        {
          "value": "theoretical",
          "expanded": "Theoretical",
          "description": "Publication describes a theoretical but no actual vulnerability is reported."
        }
      ]
    },
    {
      "predicate": "information",
      "entry": [
        {
          "value": "PoC",
          "expanded": "Proof-of-Concept",
          "description": "Reference to a proof-of-concept for exploiting the vulnerability."
        },
        {
          "value": "remediation",
          "expanded": "Remediation",
          "description": "Remediation to limit or block the exploitability of the vulnerability."
        },
        {
          "value": "annotation",
          "expanded": "Annotation",
          "description": "Annotation or clarification to a vulnerability."
        }
      ]
    }
  ]
}
new: [vulnerability] first version of a taxonomy for vulnerabilities This taxonomy is originally maintained by MISP project and done for the vulnerability-lookup project https://github.com/cve-search/vulnerability-lookup The taxonomy will be extended and improved. Contributions are also very welcome. Thanks to @cedricbonhomme for the original discussions. 2024-08-30 09:27:41 +02:00			`{`
			`"namespace": "vulnerability",`
			`"expanded": "vulnerability",`
			`"description": "A taxonomy for describing vulnerabilities (software, hardware, or social) on different scales or with additional available information.",`
			`"version": 1,`
			`"predicates": [`
			`{`
			`"value": "exploitability",`
			`"expanded": "Exploitability",`
			`"description": "Quantification of attack exploitability, providing a level of exploitation for the identified vulnerability.",`
			`"exclusive": true`
			`},`
			`{`
			`"value": "information",`
			`"expanded": "Information",`
			`"description": "Complementary information related to the vulnerability."`
			`}`
			`],`
			`"values": [`
			`{`
			`"predicate": "exploitability",`
			`"entry": [`
			`{`
			`"value": "industrialised",`
			`"expanded": "Industrialised",`
			`"description": "Existing vulnerability with detailed attack methods; multiple tools are available for exploitation."`
			`},`
			`{`
			`"value": "customised",`
			`"expanded": "Customised",`
			`"description": "Existing vulnerability with a detailed attack approach and one known custom tool available for exploitation."`
			`},`
			`{`
			`"value": "documented",`
			`"expanded": "Documented",`
			`"description": "Existing vulnerability is documented with an attack approach, but tools for exploitation are not available."`
			`},`
			`{`
			`"value": "theoretical",`
			`"expanded": "Theoretical",`
			`"description": "Publication describes a theoretical but no actual vulnerability is reported."`
			`}`
			`]`
			`},`
			`{`
			`"predicate": "information",`
			`"entry": [`
			`{`
			`"value": "PoC",`
			`"expanded": "Proof-of-Concept",`
			`"description": "Reference to a proof-of-concept for exploiting the vulnerability."`
			`},`
			`{`
			`"value": "remediation",`
			`"expanded": "Remediation",`
			`"description": "Remediation to limit or block the exploitability of the vulnerability."`
			`},`
			`{`
			`"value": "annotation",`
			`"expanded": "Annotation",`
			`"description": "Annotation or clarification to a vulnerability."`
			`}`
			`]`
			`}`
			`]`
			`}`