Closed sdog-nist closed 7 years ago
What about following my proposal? https://github.com/usnistgov/mobile-threat-catalogue/issues/120
I had the chance to talk about threats categorization using CVSS (instead of vulnerabilities categorization) with a guy that was involved in the definition of CVSS v3.0 and he confirmed that CVSS can be easily used to organize/categorize/classify threats as well.
Thanks. In the short and medium term, we will link to the appropriate ATT&CK type. See comment in #120
Closed per #128
Entered on behalf of Jeffrey Chichonski, NIST
General Comment
Threat ID:
Type of Comment:
Proposed Change: Additional metadata for an Attack Type (i.e., eavesdropping, denial of service, replay attack, masquerade attack, MiTM, SQL Injection).
Justification: Cool if an organization that is interested in preventing certain types of attacks (e.g., DoS) could just search for 'DoS' and see all current threats within the catalog thus expanding the ways organization would be able to utilize the MTC.