Closed SteliosZ closed 3 years ago
Hi @SteliosZ,
Thanks for your interest.
We considered using CPE (or SWID) data as the basis of common STIX objects, but there are over 600,000 entries. It might make sense to select some of the more common software products - as you mentioned, sometime in the future.
As for CWEs, there is currently no STIX object type for weaknesses. There is an ongoing discussion within the CWE community how CWEs might be represented in STIX, but no conclusions yet.
Hello !
Is it possible to add CWE and CPE data that already exists in NIST's NVD ? Or you would have to create Software Objects first, for CPEs for example, and then reference it ?
Is it something you may add sometime in the future ?
Thanks in advance for your time :)