Open CERT-VDE opened 1 month ago
@CERT-VDE The comments mailing list is now back online. Please formally announce your suggestion there, e.g. through "Please see our suggest in Github Issue XYZ (https://github.com/oasis-tcs/csaf/issues/XYZ)."
Thank you!
It should be possible to add MITREs Common Attack Pattern Enumerations and Classifications (CAPEC) to a vulnerability in CSAF. This field should be optional like it is in CVE entries and may be an array of multiple CAPECs. This may add information to CSAF advisories that help to asses risks of a vulnerability.