oasis-tcs / csaf

OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code
https://github.com/oasis-tcs/csaf

Add optional CAPEC to vulnerabilities #766

Open CERT-VDE opened 1 month ago

CERT-VDE commented 1 month ago

It should be possible to add MITRE's Common Attack Pattern Enumerations and Classifications (CAPEC) to a vulnerability in CSAF. This field should be optional, like it is in CVE entries, and may be an array of multiple CAPECs. This may add information to CSAF advisories that helps to assess the risks of a vulnerability.

tschmidtb51 commented 1 month ago

@CERT-VDE The comments mailing list is now back online. Please formally announce your suggestion there, e.g. through "Please see our suggestion in GitHub Issue XYZ (https://github.com/oasis-tcs/csaf/issues/XYZ)."

Thank you!