bugcrowd / vulnerability-rating-taxonomy

Bugcrowd’s baseline priority ratings for common security vulnerabilities
https://bugcrowd.com/vrt
Apache License 2.0

CWE mapping #99

Closed. jcran closed this issue 6 years ago.

jcran commented 7 years ago

I'd like to revisit #33 for CWE now that CVSS (#86) is in.

CWE is an alternate taxonomy that should map to our VRT relatively cleanly, as demonstrated in #33. This will be useful for customers, and for mapping to other data, for example: http://cwe.mitre.org/top25/.

Should be a new file, or do we want to co-opt the CVSS mapping json?

jcran commented 7 years ago

Just realized @plr0man may have already answered this: https://github.com/bugcrowd/vulnerability-rating-taxonomy/pull/33#issuecomment-313834206

Just want to verify - this is still accurate?

barnett commented 7 years ago

Hey @jcran,

We walk through how to create a new mapping in the readme:

Sometimes it is useful to convert VRT IDs to other vulnerability classification systems, eg CVSS. Such mappings are supported by adding a mapping file to the mappings directory. These files have a similar structure to the main VRT file but only include the id and children attributes, plus an additional mapping attribute with the same name as the file.
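The mapping-file shape the README passage above describes (a copy of the VRT tree keeping only `id` and `children`, plus one attribute named after the file), worked through as an added example. This is not the VRT project's own code or tooling. The VRT subtree, the CWE-to-node pairings and the attribute name `cwe` (for a hypothetical `mappings/cwe.json`) are constructed for illustration, and the rule that a node without its own value inherits its nearest mapped ancestor's is an assumption made here, not something this thread states.

```python
"""Added example (not bugcrowd/vulnerability-rating-taxonomy code):
build a mapping file from a VRT tree, check its shape, reject ids the VRT
does not have, and resolve every VRT node to a mapping value."""
import json

# Constructed VRT subtree: ids, names and priorities are illustrative, and
# the extra attributes are there to show that a mapping file drops them.
VRT = {"content": [
    {"id": "server_security_misconfiguration", "name": "Server Security Misconfiguration",
     "type": "category", "priority": None, "children": [
        {"id": "directory_listing_enabled", "name": "Directory Listing Enabled",
         "type": "subcategory", "priority": None, "children": [
            {"id": "sensitive_data_exposure", "name": "Sensitive Data Exposure",
             "type": "variant", "priority": 3},
            {"id": "non_sensitive_data_exposure", "name": "Non-Sensitive Data Exposure",
             "type": "variant", "priority": 5},
        ]},
    ]},
    {"id": "server_side_injection", "name": "Server-Side Injection",
     "type": "category", "priority": None, "children": [
        {"id": "remote_code_execution", "name": "Remote Code Execution (RCE)",
         "type": "subcategory", "priority": 1},
    ]},
]}

# Constructed CWE values keyed by dotted VRT path. The CWE ids are real entries,
# the pairing with VRT nodes is illustrative. Assumption: a node with no value
# of its own inherits the nearest mapped ancestor's value.
CWE_VALUES = {
    "server_security_misconfiguration": ["CWE-16"],
    "server_security_misconfiguration.directory_listing_enabled": ["CWE-548"],
    "server_security_misconfiguration.directory_listing_enabled.sensitive_data_exposure":
        ["CWE-548", "CWE-200"],
    "server_side_injection": ["CWE-74"],
    "server_side_injection.remote_code_execution": ["CWE-94"],
}


def build_mapping(tree, key, values, path=()):
    """Copy only id/children from a VRT tree and attach `key` where a value is
    known. The result is the content of a hypothetical mappings/<key>.json."""
    out = []
    for node in tree:
        p = path + (node["id"],)
        entry = {"id": node["id"]}
        if ".".join(p) in values:
            entry[key] = values[".".join(p)]
        children = build_mapping(node.get("children", []), key, values, p)
        if children:
            entry["children"] = children
        out.append(entry)
    return out


def flatten(tree, key=None, path=(), inherited=None):
    """{dotted.path: value} for every node; value is the node's own `key`
    attribute or, by the inheritance assumption above, the ancestor's."""
    out = {}
    for node in tree:
        p = path + (node["id"],)
        value = node.get(key, inherited) if key else None
        out[".".join(p)] = value
        out.update(flatten(node.get("children", []), key, p, value))
    return out


def unknown_ids(vrt, mapping):
    """Mapping ids that do not exist in the VRT: a mapping may not invent nodes."""
    return sorted(set(flatten(mapping["content"])) - set(flatten(vrt["content"])))


def mapping_keys(tree, acc=None):
    """Every attribute name used anywhere in a mapping tree (shape check)."""
    acc = set() if acc is None else acc
    for node in tree:
        acc.update(node.keys())
        mapping_keys(node.get("children", []), acc)
    return acc


def resolve(vrt, mapping, key):
    """For each VRT node, the value of the node or its nearest mapped ancestor,
    or None when no ancestor is mapped at all."""
    mapped = flatten(mapping["content"], key)
    result = {}
    for vid in flatten(vrt["content"]):
        parts, value = vid.split("."), None
        while parts and value is None:
            value = mapped.get(".".join(parts))
            parts.pop()
        result[vid] = value
    return result


CWE_MAPPING = {"content": build_mapping(VRT["content"], "cwe", CWE_VALUES)}

# Constructed mapping that references a node the VRT does not contain.
BAD_MAPPING = {"content": [
    {"id": "server_side_injection", "cwe": ["CWE-74"], "children": [
        {"id": "not_in_the_vrt"},
    ]},
]}

if __name__ == "__main__":
    print(json.dumps(CWE_MAPPING, indent=2))
    print("unknown ids:", unknown_ids(VRT, BAD_MAPPING))
    for vid, cwes in resolve(VRT, CWE_MAPPING, "cwe").items():
        print(f"{vid} -> {cwes}")
```

Running this prints the generated mapping file, flags `server_side_injection.not_in_the_vrt` as an id the VRT does not have, and shows `non_sensitive_data_exposure` resolving to `CWE-548` through its parent even though the mapping file gives it no value of its own. The id check is the one worth keeping in CI for any mapping added to the mappings directory: the VRT file and the mapping file are maintained separately, so a renamed or removed VRT node silently orphans its mapping entry unless something diffs the two trees.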