Open kajaaz opened 2 months ago
Currently, I am only aware of the EEA EthTrust : https://entethalliance.github.io/eta-registry/security-levels-spec.html
I think they did a decent job: https://dl.acm.org/doi/fullHtml/10.1145/3391195#sec-9
@pcaversaccio Yes I was aware of that work but it is from 2020, so the vulnerabilities types are a bit old. I was more looking for a vulnerabilities classification scheme like the CVE (e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-40014). Would it be relevant to create a scheme specific to web3 vulnerabilities or should we follow the NIST one ?
@pcaversaccio Yes I was aware of that work but it is from 2020, so the vulnerabilities types are a bit old. I was more looking for a vulnerabilities classification scheme like the CVE (e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-40014). Would it be relevant to create a scheme specific to web3 vulnerabilities or should we follow the NIST one ?
I don't have the perfect answer here yet tbh. Will think about it and ask other SEAL members.
Hey,
I just wondered if you already have think about a model for web3 vulnerabilities classification to collect them in a database like the MITRE's one ?
Thanks