{ "namespace": "vulnerability", "expanded": "vulnerability", "description": "A taxonomy for describing vulnerabilities (software, hardware, or social) on different scales or with additional available information.", "version": 1, "predicates": [ { "value": "exploitability", "expanded": "Exploitability", "description": "Quantification of attack exploitability, providing a level of exploitation for the identified vulnerability.", "exclusive": true }, { "value": "information", "expanded": "Information", "description": "Complementary information related to the vulnerability." } ], "values": [ { "predicate": "exploitability", "entry": [ { "value": "industrialised", "expanded": "Industrialised", "description": "Existing vulnerability with detailed attack methods; multiple tools are available for exploitation." }, { "value": "customised", "expanded": "Customised", "description": "Existing vulnerability with a detailed attack approach and one known custom tool available for exploitation." }, { "value": "documented", "expanded": "Documented", "description": "Existing vulnerability is documented with an attack approach, but tools for exploitation are not available." }, { "value": "theoretical", "expanded": "Theoretical", "description": "Publication describes a theoretical but no actual vulnerability is reported." } ] }, { "predicate": "information", "entry": [ { "value": "PoC", "expanded": "Proof-of-Concept", "description": "Reference to a proof-of-concept for exploiting the vulnerability." }, { "value": "remediation", "expanded": "Remediation", "description": "Remediation to limit or block the exploitability of the vulnerability." }, { "value": "annotation", "expanded": "Annotation", "description": "Annotation or clarification to a vulnerability." } ] } ] }