Closed TimmyBugcrowd closed 7 months ago
@TimmyBugcrowd It seems secure-code-warrior-links.json is not updated with the new VRT items.
➜ vulnerability-rating-taxonomy git:(1.13-version-vulnerabilty.json) ✗ python3 lib/validate_artifacts.py
/Users/bugcrowd/Library/Python/3.9/lib/python/site-packages/urllib3/__init__.py:35: NotOpenSSLWarning: urllib3 v2 only supports OpenSSL 1.1.1+, currently the 'ssl' module is compiled with 'LibreSSL 2.8.3'. See: https://github.com/urllib3/urllib3/issues/3020
warnings.warn(
/Users/bugcrowd/projects/vulnerability-rating-taxonomy/third-party-mappings/remediation_training/secure-code-warrior-links.json
SCW Document is invalid, copy the artifact to the remediation training
Adding:
Physical Security Issues - Bypass of physical access control - VARIES
Physical Security Issues - Weakness in physical access control - Clonable Key - VARIES
Physical Security Issues - Weakness in physical access control - Master Key Identification - VARIES
Physical Security Issues - Weakness in physical access control - Commonly Keyed System - P2
Insecure OS/Firmware - Weakness in Firmware Updates - Firmware cannot be updated - VARIES
Insecure OS/Firmware - Weakness in Firmware Updates - Firmware does not validate update integrity - P3
Insecure OS/Firmware - Weakness in Firmware Updates - Firmware is not encrypted - P5
Insecure OS/Firmware - Kiosk Escape or Breakout - VARIES
Insecure OS/Firmware - Poorly Configured Disk Encryption - VARIES
Insecure OS/Firmware - Shared Credentials on Storage - P3
Insecure OS/Firmware - Over-Permissioned Credentials on Storage - P2
Insecure OS/Firmware - Local Administrator on default environment - P2
Insecure OS/Firmware - Poorly Configured Operating System Security - VARIES
Insecure OS/Firmware - Recovery of Disk Contains Sensitive Material - VARIES
Insecure OS/Firmware - Failure to Remove Sensitive Artifacts from Disk - VARIES
Insecure OS/Firmware - Data not encrypted at rest - Sensitive - VARIES
Insecure OS/Firmware - Data not encrypted at rest - Non sensitive - P5