usnistgov / mobile-threat-catalogue

NIST/NCCoE Mobile Threat Catalogue
https://pages.nist.gov/mobile-threat-catalogue

WERB Review comment: Threats given attack types #119

Closed sdog-nist closed 7 years ago

sdog-nist commented 7 years ago

Entered on behalf of Jeffrey Chichonski, NIST

General Comment

Threat ID:

Type of Comment:

Proposed Change: Additional metadata for an Attack Type (i.e., eavesdropping, denial of service, replay attack, masquerade attack, MiTM, SQL Injection).

Justification: Cool if an organization that is interested in preventing certain types of attacks (e.g., DoS) could just search for 'DoS' and see all current threats within the catalog, thus expanding the ways an organization would be able to utilize the MTC.

boos commented 7 years ago

What about following my proposal? https://github.com/usnistgov/mobile-threat-catalogue/issues/120

I had the chance to talk about threat categorization using CVSS (instead of vulnerability categorization) with a guy who was involved in the definition of CVSS v3.0, and he confirmed that CVSS can easily be used to organize/categorize/classify threats as well.

cjb9 commented 7 years ago

Thanks. In the short and medium term, we will link to the appropriate ATT&CK type. See comment in #120.

cjb9 commented 7 years ago

Closed per #128