diff --git a/data/json/decision_points/automatable_2_0_0.json b/data/json/decision_points/automatable_2_0_0.json index a44086f9..5a0528d8 100644 --- a/data/json/decision_points/automatable_2_0_0.json +++ b/data/json/decision_points/automatable_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Automatable", + "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "namespace": "ssvc", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "A", - "name": "Automatable", - "description": "Can an attacker reliably automate creating exploitation events for this vulnerability?", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/access_complexity_1_0_0.json b/data/json/decision_points/cvss/access_complexity_1_0_0.json index 30e88f11..b07e7595 100644 --- a/data/json/decision_points/cvss/access_complexity_1_0_0.json +++ b/data/json/decision_points/cvss/access_complexity_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Access Complexity", + "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "AC", - "name": "Access Complexity", - "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/access_complexity_2_0_0.json b/data/json/decision_points/cvss/access_complexity_2_0_0.json index 09c795fc..15fec7b8 100644 --- a/data/json/decision_points/cvss/access_complexity_2_0_0.json +++ b/data/json/decision_points/cvss/access_complexity_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Access Complexity", + "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "AC", - "name": "Access Complexity", - "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/access_vector_1_0_0.json b/data/json/decision_points/cvss/access_vector_1_0_0.json index beee709d..55d6d8c6 100644 --- a/data/json/decision_points/cvss/access_vector_1_0_0.json +++ b/data/json/decision_points/cvss/access_vector_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Access Vector", + "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "AV", - "name": "Access Vector", - "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/access_vector_2_0_0.json b/data/json/decision_points/cvss/access_vector_2_0_0.json index 9f68fb5a..14918e5c 100644 --- a/data/json/decision_points/cvss/access_vector_2_0_0.json +++ b/data/json/decision_points/cvss/access_vector_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Access Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "AV", - "name": "Access Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/attack_complexity_3_0_0.json b/data/json/decision_points/cvss/attack_complexity_3_0_0.json index b9dd8584..e2ef4655 100644 --- a/data/json/decision_points/cvss/attack_complexity_3_0_0.json +++ b/data/json/decision_points/cvss/attack_complexity_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Attack Complexity", + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "AC", - "name": "Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/attack_complexity_3_0_1.json b/data/json/decision_points/cvss/attack_complexity_3_0_1.json index 7f49cf1d..a3469f1b 100644 --- a/data/json/decision_points/cvss/attack_complexity_3_0_1.json +++ b/data/json/decision_points/cvss/attack_complexity_3_0_1.json @@ -1,10 +1,10 @@ { + "name": "Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "namespace": "cvss", "version": "3.0.1", "schemaVersion": "1-0-1", "key": "AC", - "name": "Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/attack_requirements_1_0_0.json b/data/json/decision_points/cvss/attack_requirements_1_0_0.json index 4232fa7b..eaff05de 100644 --- a/data/json/decision_points/cvss/attack_requirements_1_0_0.json +++ b/data/json/decision_points/cvss/attack_requirements_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "AT", - "name": "Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/attack_vector_3_0_0.json b/data/json/decision_points/cvss/attack_vector_3_0_0.json index 612e5c72..3db17af6 100644 --- a/data/json/decision_points/cvss/attack_vector_3_0_0.json +++ b/data/json/decision_points/cvss/attack_vector_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "AV", - "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/attack_vector_3_0_1.json b/data/json/decision_points/cvss/attack_vector_3_0_1.json index fbf31693..fe2baea6 100644 --- a/data/json/decision_points/cvss/attack_vector_3_0_1.json +++ b/data/json/decision_points/cvss/attack_vector_3_0_1.json @@ -1,10 +1,10 @@ { + "name": "Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "namespace": "cvss", "version": "3.0.1", "schemaVersion": "1-0-1", "key": "AV", - "name": "Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/authentication_1_0_0.json b/data/json/decision_points/cvss/authentication_1_0_0.json index 0e2f41e7..a2bedd42 100644 --- a/data/json/decision_points/cvss/authentication_1_0_0.json +++ b/data/json/decision_points/cvss/authentication_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Authentication", + "description": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "Au", - "name": "Authentication", - "description": "This metric measures whether or not an attacker needs to be authenticated to the target system in order to exploit the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/authentication_2_0_0.json b/data/json/decision_points/cvss/authentication_2_0_0.json index 98a1037b..f618747f 100644 --- a/data/json/decision_points/cvss/authentication_2_0_0.json +++ b/data/json/decision_points/cvss/authentication_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Authentication", + "description": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "Au", - "name": "Authentication", - "description": "This metric measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. This metric does not gauge the strength or complexity of the authentication process, only that an attacker is required to provide credentials before an exploit may occur. The possible values for this metric are listed in Table 3. The fewer authentication instances that are required, the higher the vulnerability score.", "values": [ { "key": "M", diff --git a/data/json/decision_points/cvss/automatable_1_0_0.json b/data/json/decision_points/cvss/automatable_1_0_0.json index 1963318c..03956092 100644 --- a/data/json/decision_points/cvss/automatable_1_0_0.json +++ b/data/json/decision_points/cvss/automatable_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Automatable", + "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "AU", - "name": "Automatable", - "description": "The \"Automatable\" metric captures the answer to the question \"Can an attacker automate exploitation events for this vulnerability across multiple targets?\" based on steps 1-4 of the kill chain.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_1_0_0.json b/data/json/decision_points/cvss/availability_impact_1_0_0.json index 4c2b59e3..ad667d01 100644 --- a/data/json/decision_points/cvss/availability_impact_1_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Impact", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "A", - "name": "Availability Impact", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the target system.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_2_0_0.json b/data/json/decision_points/cvss/availability_impact_2_0_0.json index f3b37b02..7fd162ed 100644 --- a/data/json/decision_points/cvss/availability_impact_2_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Impact", + "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "A", - "name": "Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json index be7cedbe..79369891 100644 --- a/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SA", - "name": "Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json index ebef410c..4e999e21 100644 --- a/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/availability_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "VA", - "name": "Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/availability_requirement_1_0_0.json b/data/json/decision_points/cvss/availability_requirement_1_0_0.json index cbffe72a..01bd1da6 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/availability_requirement_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Requirement", + "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "AR", - "name": "Availability Requirement", - "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/availability_requirement_1_1_0.json b/data/json/decision_points/cvss/availability_requirement_1_1_0.json index 66dec4d4..28045aa0 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/availability_requirement_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Availability Requirement", + "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "AR", - "name": "Availability Requirement", - "description": "This metric measures the impact to the availability of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/availability_requirement_1_1_1.json b/data/json/decision_points/cvss/availability_requirement_1_1_1.json index 9e4a94fe..cb041336 100644 --- a/data/json/decision_points/cvss/availability_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/availability_requirement_1_1_1.json @@ -1,10 +1,10 @@ { + "name": "Availability Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", "namespace": "cvss", "version": "1.1.1", "schemaVersion": "1-0-1", "key": "AR", - "name": "Availability Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Availability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json b/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json index b650ad2f..19666f0f 100644 --- a/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json +++ b/data/json/decision_points/cvss/collateral_damage_potential_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Collateral Damage Potential", + "description": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "CDP", - "name": "Collateral Damage Potential", - "description": "This metric measures the potential for a loss in physical equipment, property damage or loss of life or limb.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json b/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json index c08f0fe8..00206e66 100644 --- a/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json +++ b/data/json/decision_points/cvss/collateral_damage_potential_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Collateral Damage Potential", + "description": "This metric measures the potential for loss of life or physical assets.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "CDP", - "name": "Collateral Damage Potential", - "description": "This metric measures the potential for loss of life or physical assets.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json index f8e633e6..8f9ad138 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Impact", + "description": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "C", - "name": "Confidentiality Impact", - "description": "This metric measures the impact on confidentiality of a successful exploit of the vulnerability on the target system.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json index 5d8f0826..6f8c6c64 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Impact", + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "C", - "name": "Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json index 741722cd..1b2041aa 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SC", - "name": "Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json index ceea5568..6fc61ef9 100644 --- a/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "VC", - "name": "Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json b/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json index 988ee409..04b9e92d 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Requirement", + "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "CR", - "name": "Confidentiality Requirement", - "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json b/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json index 2c508587..87453bab 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Requirement", + "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "CR", - "name": "Confidentiality Requirement", - "description": "This metric measures the impact to the confidentiality of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json b/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json index 2e1ef437..1c71ed0d 100644 --- a/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/confidentiality_requirement_1_1_1.json @@ -1,10 +1,10 @@ { + "name": "Confidentiality Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "namespace": "cvss", "version": "1.1.1", "schemaVersion": "1-0-1", "key": "CR", - "name": "Confidentiality Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json index 9046163e..e4563635 100644 --- a/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_1_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 1", + "description": "AV/PR/UI with 3 levels specified in Table 24", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ1", - "name": "Equivalence Set 1", - "description": "AV/PR/UI with 3 levels specified in Table 24", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json index f9fa06e5..db8745ce 100644 --- a/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_2_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 2", + "description": "AC/AT with 2 levels specified in Table 25", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ2", - "name": "Equivalence Set 2", - "description": "AC/AT with 2 levels specified in Table 25", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json index a617a8f4..4b1aaf2b 100644 --- a/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_3_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 3", + "description": "VC/VI/VA with 3 levels specified in Table 26", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ3", - "name": "Equivalence Set 3", - "description": "VC/VI/VA with 3 levels specified in Table 26", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json index 761d6ec8..d732ec5b 100644 --- a/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_4_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 4", + "description": "SC/SI/SA with 3 levels specified in Table 27", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ4", - "name": "Equivalence Set 4", - "description": "SC/SI/SA with 3 levels specified in Table 27", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json index 1f1b7eec..f79d20a7 100644 --- a/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_5_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 5", + "description": "E with 3 levels specified in Table 28", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ5", - "name": "Equivalence Set 5", - "description": "E with 3 levels specified in Table 28", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json b/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json index 599ec3b1..631acd7b 100644 --- a/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json +++ b/data/json/decision_points/cvss/equivalence_set_6_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Equivalence Set 6", + "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EQ6", - "name": "Equivalence Set 6", - "description": "VC/VI/VA+CR/CI/CA with 2 levels specified in Table 29", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json b/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json index a900808a..a4e59e23 100644 --- a/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json +++ b/data/json/decision_points/cvss/exploit_code_maturity_1_2_0.json @@ -1,10 +1,10 @@ { + "name": "Exploit Code Maturity", + "description": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", "namespace": "cvss", "version": "1.2.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploit Code Maturity", - "description": "measures the likelihood of the vulnerability being attacked, and is typically based on the current state of exploit techniques, exploit code availability, or active, 'in-the-wild' exploitation", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/exploit_maturity_2_0_0.json b/data/json/decision_points/cvss/exploit_maturity_2_0_0.json index 879891f6..28eeebd3 100644 --- a/data/json/decision_points/cvss/exploit_maturity_2_0_0.json +++ b/data/json/decision_points/cvss/exploit_maturity_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Exploit Maturity", + "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploit Maturity", - "description": "This metric measures the likelihood of the vulnerability being attacked, and is based on the current state of exploit techniques, exploit code availability, or active, “in-the-wild” exploitation.", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/exploitability_1_0_0.json b/data/json/decision_points/cvss/exploitability_1_0_0.json index be804085..707f297d 100644 --- a/data/json/decision_points/cvss/exploitability_1_0_0.json +++ b/data/json/decision_points/cvss/exploitability_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Exploitability", + "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploitability", - "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/exploitability_1_1_0.json b/data/json/decision_points/cvss/exploitability_1_1_0.json index f2d07e9d..add3fd28 100644 --- a/data/json/decision_points/cvss/exploitability_1_1_0.json +++ b/data/json/decision_points/cvss/exploitability_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Exploitability", + "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploitability", - "description": "This metric measures the current state of exploit technique or code availability and suggests a likelihood of exploitation.", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/impact_bias_1_0_0.json b/data/json/decision_points/cvss/impact_bias_1_0_0.json index 97039be4..fc7316eb 100644 --- a/data/json/decision_points/cvss/impact_bias_1_0_0.json +++ b/data/json/decision_points/cvss/impact_bias_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Impact Bias", + "description": "This metric measures the impact bias of the vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "IB", - "name": "Impact Bias", - "description": "This metric measures the impact bias of the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_1_0_0.json b/data/json/decision_points/cvss/integrity_impact_1_0_0.json index cf1dcc9b..5880fcf4 100644 --- a/data/json/decision_points/cvss/integrity_impact_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Impact", + "description": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "I", - "name": "Integrity Impact", - "description": "This metric measures the impact on integrity a successful exploit of the vulnerability will have on the target system.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_2_0_0.json b/data/json/decision_points/cvss/integrity_impact_2_0_0.json index 48102023..ecb0fd66 100644 --- a/data/json/decision_points/cvss/integrity_impact_2_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Impact", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "I", - "name": "Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json index ab4089b3..80c99790 100644 --- a/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SI", - "name": "Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json index ad055d84..745ee9e1 100644 --- a/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/integrity_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "VI", - "name": "Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/integrity_requirement_1_0_0.json b/data/json/decision_points/cvss/integrity_requirement_1_0_0.json index 73d07de1..f49d6438 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_0_0.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Requirement", + "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "IR", - "name": "Integrity Requirement", - "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/integrity_requirement_1_1_0.json b/data/json/decision_points/cvss/integrity_requirement_1_1_0.json index 5515b3b4..7378845f 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_1_0.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Integrity Requirement", + "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "IR", - "name": "Integrity Requirement", - "description": "This metric measures the impact to the integrity of a successfully exploited vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/integrity_requirement_1_1_1.json b/data/json/decision_points/cvss/integrity_requirement_1_1_1.json index 4a99083a..05fd2858 100644 --- a/data/json/decision_points/cvss/integrity_requirement_1_1_1.json +++ b/data/json/decision_points/cvss/integrity_requirement_1_1_1.json @@ -1,10 +1,10 @@ { + "name": "Integrity Requirement", + "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "namespace": "cvss", "version": "1.1.1", "schemaVersion": "1-0-1", "key": "IR", - "name": "Integrity Requirement", - "description": "This metric enables the consumer to customize the assessment depending on the importance of the affected IT asset to the analyst’s organization, measured in terms of Confidentiality.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json b/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json index 09fa2cab..6e8df236 100644 --- a/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_complexity_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Attack Complexity", + "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "MAC", - "name": "Modified Attack Complexity", - "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json b/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json index 9ddd5581..a8bee010 100644 --- a/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json +++ b/data/json/decision_points/cvss/modified_attack_complexity_3_0_1.json @@ -1,10 +1,10 @@ { + "name": "Modified Attack Complexity", + "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "namespace": "cvss", "version": "3.0.1", "schemaVersion": "1-0-1", "key": "MAC", - "name": "Modified Attack Complexity", - "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ", "values": [ { "key": "L", diff --git a/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json b/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json index be523348..4f446155 100644 --- a/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_requirements_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Attack Requirements", + "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MAT", - "name": "Modified Attack Requirements", - "description": "This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json b/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json index afb49892..cd8261e7 100644 --- a/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json +++ b/data/json/decision_points/cvss/modified_attack_vector_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "MAV", - "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. ", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json b/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json index 32f378f7..35995809 100644 --- a/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json +++ b/data/json/decision_points/cvss/modified_attack_vector_3_0_1.json @@ -1,10 +1,10 @@ { + "name": "Modified Attack Vector", + "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "namespace": "cvss", "version": "3.0.1", "schemaVersion": "1-0-1", "key": "MAV", - "name": "Modified Attack Vector", - "description": "This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.", "values": [ { "key": "P", diff --git a/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json index 861be583..efea9be1 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Availability Impact", + "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "MA", - "name": "Modified Availability Impact", - "description": "This metric measures the impact to availability of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json index e1e91459..786f0390 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Availability Impact to the Subsequent System", + "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MSA", - "name": "Modified Availability Impact to the Subsequent System", - "description": "This metric measures the impact on availability a successful exploit of the vulnerability will have on the Subsequent System.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json index 7003a551..689120d5 100644 --- a/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_availability_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Availability Impact to the Vulnerable System", + "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "MVA", - "name": "Modified Availability Impact to the Vulnerable System", - "description": "This metric measures the impact to the availability of the impacted system resulting from a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json index 5920006a..ef523bac 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Confidentiality Impact", + "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "MC", - "name": "Modified Confidentiality Impact", - "description": "This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json index 1abda292..ea677a2a 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Confidentiality Impact to the Subsequent System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MSC", - "name": "Modified Confidentiality Impact to the Subsequent System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones. The resulting score is greatest when the loss to the system is highest.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json index aba1fa8b..b3f09692 100644 --- a/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_confidentiality_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Confidentiality Impact to the Vulnerable System", + "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "MVC", - "name": "Modified Confidentiality Impact to the Vulnerable System", - "description": "This metric measures the impact to the confidentiality of the information managed by the system due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json index 359fb804..0e010de0 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Integrity Impact", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "MI", - "name": "Modified Integrity Impact", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json index ec3d57b3..719e36b4 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_subsequent_system_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Integrity Impact to the Subsequent System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MSI", - "name": "Modified Integrity Impact to the Subsequent System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of a system is impacted when an attacker causes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging). The resulting score is greatest when the consequence to the system is highest.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json b/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json index 5a3c69e0..76f318a2 100644 --- a/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json +++ b/data/json/decision_points/cvss/modified_integrity_impact_to_the_vulnerable_system_3_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Integrity Impact to the Vulnerable System", + "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "namespace": "cvss", "version": "3.0.0", "schemaVersion": "1-0-1", "key": "MVI", - "name": "Modified Integrity Impact to the Vulnerable System", - "description": "This metric measures the impact to integrity of a successfully exploited vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json b/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json index b31ad194..4aa2e7fe 100644 --- a/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json +++ b/data/json/decision_points/cvss/modified_privileges_required_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MPR", - "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json b/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json index 92297091..9edb12a4 100644 --- a/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json +++ b/data/json/decision_points/cvss/modified_privileges_required_1_0_1.json @@ -1,10 +1,10 @@ { + "name": "Modified Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "namespace": "cvss", "version": "1.0.1", "schemaVersion": "1-0-1", "key": "MPR", - "name": "Modified Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/modified_scope_1_0_0.json b/data/json/decision_points/cvss/modified_scope_1_0_0.json index 21d82cba..7eb01d1c 100644 --- a/data/json/decision_points/cvss/modified_scope_1_0_0.json +++ b/data/json/decision_points/cvss/modified_scope_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified Scope", + "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MS", - "name": "Modified Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json b/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json index cea0d0c0..dab50cf5 100644 --- a/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json +++ b/data/json/decision_points/cvss/modified_user_interaction_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified User Interaction", + "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MUI", - "name": "Modified User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "values": [ { "key": "R", diff --git a/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json b/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json index a4242ca6..2fbfe36b 100644 --- a/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json +++ b/data/json/decision_points/cvss/modified_user_interaction_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Modified User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "MUI", - "name": "Modified User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "values": [ { "key": "A", diff --git a/data/json/decision_points/cvss/privileges_required_1_0_0.json b/data/json/decision_points/cvss/privileges_required_1_0_0.json index e7a14402..0f918c46 100644 --- a/data/json/decision_points/cvss/privileges_required_1_0_0.json +++ b/data/json/decision_points/cvss/privileges_required_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "PR", - "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/privileges_required_1_0_1.json b/data/json/decision_points/cvss/privileges_required_1_0_1.json index 79c6c94a..698e4dc3 100644 --- a/data/json/decision_points/cvss/privileges_required_1_0_1.json +++ b/data/json/decision_points/cvss/privileges_required_1_0_1.json @@ -1,10 +1,10 @@ { + "name": "Privileges Required", + "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "namespace": "cvss", "version": "1.0.1", "schemaVersion": "1-0-1", "key": "PR", - "name": "Privileges Required", - "description": "This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.", "values": [ { "key": "H", diff --git a/data/json/decision_points/cvss/provider_urgency_1_0_0.json b/data/json/decision_points/cvss/provider_urgency_1_0_0.json index 0e277cca..6a319c77 100644 --- a/data/json/decision_points/cvss/provider_urgency_1_0_0.json +++ b/data/json/decision_points/cvss/provider_urgency_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Provider Urgency", + "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "U", - "name": "Provider Urgency", - "description": "Many vendors currently provide supplemental severity ratings to consumers via product security advisories. Other vendors publish Qualitative Severity Ratings from the CVSS Specification Document in their advisories. To facilitate a standardized method to incorporate additional provider-supplied assessment, an optional \"pass-through\" Supplemental Metric called Provider Urgency is available.", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/recovery_1_0_0.json b/data/json/decision_points/cvss/recovery_1_0_0.json index 8a4beda9..b8597662 100644 --- a/data/json/decision_points/cvss/recovery_1_0_0.json +++ b/data/json/decision_points/cvss/recovery_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Recovery", + "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "R", - "name": "Recovery", - "description": "The Recovery metric describes the resilience of a system to recover services, in terms of performance and availability, after an attack has been performed.", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/remediation_level_1_0_0.json b/data/json/decision_points/cvss/remediation_level_1_0_0.json index 11f9384f..cc5a3866 100644 --- a/data/json/decision_points/cvss/remediation_level_1_0_0.json +++ b/data/json/decision_points/cvss/remediation_level_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Remediation Level", + "description": "This metric measures the remediation status of a vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "RL", - "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", "values": [ { "key": "OF", diff --git a/data/json/decision_points/cvss/remediation_level_1_1_0.json b/data/json/decision_points/cvss/remediation_level_1_1_0.json index ccaa439c..eda1100a 100644 --- a/data/json/decision_points/cvss/remediation_level_1_1_0.json +++ b/data/json/decision_points/cvss/remediation_level_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Remediation Level", + "description": "This metric measures the remediation status of a vulnerability.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "RL", - "name": "Remediation Level", - "description": "This metric measures the remediation status of a vulnerability.", "values": [ { "key": "OF", diff --git a/data/json/decision_points/cvss/report_confidence_1_0_0.json b/data/json/decision_points/cvss/report_confidence_1_0_0.json index 85940cf0..0dc24b8b 100644 --- a/data/json/decision_points/cvss/report_confidence_1_0_0.json +++ b/data/json/decision_points/cvss/report_confidence_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "RC", - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "values": [ { "key": "UC", diff --git a/data/json/decision_points/cvss/report_confidence_1_1_0.json b/data/json/decision_points/cvss/report_confidence_1_1_0.json index 691f1e87..c3c2b7aa 100644 --- a/data/json/decision_points/cvss/report_confidence_1_1_0.json +++ b/data/json/decision_points/cvss/report_confidence_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "RC", - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "values": [ { "key": "UC", diff --git a/data/json/decision_points/cvss/report_confidence_2_0_0.json b/data/json/decision_points/cvss/report_confidence_2_0_0.json index 502e1291..cf6cf0ca 100644 --- a/data/json/decision_points/cvss/report_confidence_2_0_0.json +++ b/data/json/decision_points/cvss/report_confidence_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Report Confidence", + "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "RC", - "name": "Report Confidence", - "description": "This metric measures the degree of confidence in the existence of the vulnerability and the credibility of the known technical details.", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/safety_1_0_0.json b/data/json/decision_points/cvss/safety_1_0_0.json index a72a7cd6..987de4d0 100644 --- a/data/json/decision_points/cvss/safety_1_0_0.json +++ b/data/json/decision_points/cvss/safety_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Safety", + "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "S", - "name": "Safety", - "description": "The Safety decision point is a measure of the potential for harm to humans or the environment.", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/scope_1_0_0.json b/data/json/decision_points/cvss/scope_1_0_0.json index 2ed72c80..0025ac97 100644 --- a/data/json/decision_points/cvss/scope_1_0_0.json +++ b/data/json/decision_points/cvss/scope_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Scope", + "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "S", - "name": "Scope", - "description": "the ability for a vulnerability in one software component to impact resources beyond its means, or privileges", "values": [ { "key": "U", diff --git a/data/json/decision_points/cvss/target_distribution_1_0_0.json b/data/json/decision_points/cvss/target_distribution_1_0_0.json index 1d86b7ca..97b94297 100644 --- a/data/json/decision_points/cvss/target_distribution_1_0_0.json +++ b/data/json/decision_points/cvss/target_distribution_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Target Distribution", + "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "TD", - "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/target_distribution_1_1_0.json b/data/json/decision_points/cvss/target_distribution_1_1_0.json index bc126152..5e0d93f0 100644 --- a/data/json/decision_points/cvss/target_distribution_1_1_0.json +++ b/data/json/decision_points/cvss/target_distribution_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Target Distribution", + "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "namespace": "cvss", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "TD", - "name": "Target Distribution", - "description": "This metric measures the relative size of the field of target systems susceptible to the vulnerability. It is meant as an environment-specific indicator in order to approximate the percentage of systems within the environment that could be affected by the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/cvss/user_interaction_1_0_0.json b/data/json/decision_points/cvss/user_interaction_1_0_0.json index 84f623ba..eb4e9bfb 100644 --- a/data/json/decision_points/cvss/user_interaction_1_0_0.json +++ b/data/json/decision_points/cvss/user_interaction_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "User Interaction", + "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "UI", - "name": "User Interaction", - "description": "This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component.", "values": [ { "key": "R", diff --git a/data/json/decision_points/cvss/user_interaction_2_0_0.json b/data/json/decision_points/cvss/user_interaction_2_0_0.json index 7794cc14..160107aa 100644 --- a/data/json/decision_points/cvss/user_interaction_2_0_0.json +++ b/data/json/decision_points/cvss/user_interaction_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "User Interaction", + "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "namespace": "cvss", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "UI", - "name": "User Interaction", - "description": "This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner. The resulting score is greatest when no user interaction is required.", "values": [ { "key": "A", diff --git a/data/json/decision_points/cvss/value_density_1_0_0.json b/data/json/decision_points/cvss/value_density_1_0_0.json index a4f06724..1ca1a355 100644 --- a/data/json/decision_points/cvss/value_density_1_0_0.json +++ b/data/json/decision_points/cvss/value_density_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Value Density", + "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "V", - "name": "Value Density", - "description": "Value Density describes the resources that the attacker will gain control over with a single exploitation event. It has two possible values, diffuse and concentrated.", "values": [ { "key": "X", diff --git a/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json b/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json index 71e2f3cc..bb334844 100644 --- a/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json +++ b/data/json/decision_points/cvss/vulnerability_response_effort_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Vulnerability Response Effort", + "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", "namespace": "cvss", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "RE", - "name": "Vulnerability Response Effort", - "description": "The intention of the Vulnerability Response Effort metric is to provide supplemental information on how difficult it is for consumers to provide an initial response to the impact of vulnerabilities for deployed products and services in their infrastructure. The consumer can then take this additional information on effort required into consideration when applying mitigations and/or scheduling remediation.", "values": [ { "key": "X", diff --git a/data/json/decision_points/exploitation_1_0_0.json b/data/json/decision_points/exploitation_1_0_0.json index 42242c30..d1cf71b2 100644 --- a/data/json/decision_points/exploitation_1_0_0.json +++ b/data/json/decision_points/exploitation_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/exploitation_1_1_0.json b/data/json/decision_points/exploitation_1_1_0.json index f436738a..e54d2ace 100644 --- a/data/json/decision_points/exploitation_1_1_0.json +++ b/data/json/decision_points/exploitation_1_1_0.json @@ -1,10 +1,10 @@ { + "name": "Exploitation", + "description": "The present state of exploitation of the vulnerability.", "namespace": "ssvc", "version": "1.1.0", "schemaVersion": "1-0-1", "key": "E", - "name": "Exploitation", - "description": "The present state of exploitation of the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/human_impact_2_0_0.json b/data/json/decision_points/human_impact_2_0_0.json index b9fec592..80af1b78 100644 --- a/data/json/decision_points/human_impact_2_0_0.json +++ b/data/json/decision_points/human_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", "namespace": "ssvc", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "HI", - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", "values": [ { "key": "L", diff --git a/data/json/decision_points/human_impact_2_0_1.json b/data/json/decision_points/human_impact_2_0_1.json index 9fd6ba91..3942e93a 100644 --- a/data/json/decision_points/human_impact_2_0_1.json +++ b/data/json/decision_points/human_impact_2_0_1.json @@ -1,10 +1,10 @@ { + "name": "Human Impact", + "description": "Human Impact is a combination of Safety and Mission impacts.", "namespace": "ssvc", "version": "2.0.1", "schemaVersion": "1-0-1", "key": "HI", - "name": "Human Impact", - "description": "Human Impact is a combination of Safety and Mission impacts.", "values": [ { "key": "L", diff --git a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json b/data/json/decision_points/mission_and_well-being_impact_1_0_0.json index 20c2ad3a..95de41e6 100644 --- a/data/json/decision_points/mission_and_well-being_impact_1_0_0.json +++ b/data/json/decision_points/mission_and_well-being_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Mission and Well-Being Impact", + "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MWI", - "name": "Mission and Well-Being Impact", - "description": "Mission and Well-Being Impact is a combination of Mission Prevalence and Public Well-Being Impact.", "values": [ { "key": "L", diff --git a/data/json/decision_points/mission_impact_1_0_0.json b/data/json/decision_points/mission_impact_1_0_0.json index 3dd1a4ba..ac6b2915 100644 --- a/data/json/decision_points/mission_impact_1_0_0.json +++ b/data/json/decision_points/mission_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "MI", - "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", "values": [ { "key": "N", diff --git a/data/json/decision_points/mission_impact_2_0_0.json b/data/json/decision_points/mission_impact_2_0_0.json index 51f392e9..b0a3fc77 100644 --- a/data/json/decision_points/mission_impact_2_0_0.json +++ b/data/json/decision_points/mission_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Mission Impact", + "description": "Impact on Mission Essential Functions of the Organization", "namespace": "ssvc", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "MI", - "name": "Mission Impact", - "description": "Impact on Mission Essential Functions of the Organization", "values": [ { "key": "D", diff --git a/data/json/decision_points/public_safety_impact_2_0_0.json b/data/json/decision_points/public_safety_impact_2_0_0.json index 03eaa0d8..74b06423 100644 --- a/data/json/decision_points/public_safety_impact_2_0_0.json +++ b/data/json/decision_points/public_safety_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", "namespace": "ssvc", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "PSI", - "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", "values": [ { "key": "M", diff --git a/data/json/decision_points/public_safety_impact_2_0_1.json b/data/json/decision_points/public_safety_impact_2_0_1.json index e61afe04..7c60c4ef 100644 --- a/data/json/decision_points/public_safety_impact_2_0_1.json +++ b/data/json/decision_points/public_safety_impact_2_0_1.json @@ -1,10 +1,10 @@ { + "name": "Public Safety Impact", + "description": "A coarse-grained representation of impact to public safety.", "namespace": "ssvc", "version": "2.0.1", "schemaVersion": "1-0-1", "key": "PSI", - "name": "Public Safety Impact", - "description": "A coarse-grained representation of impact to public safety.", "values": [ { "key": "M", diff --git a/data/json/decision_points/public_value_added_1_0_0.json b/data/json/decision_points/public_value_added_1_0_0.json index a376f8bb..ae508569 100644 --- a/data/json/decision_points/public_value_added_1_0_0.json +++ b/data/json/decision_points/public_value_added_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Public Value Added", + "description": "How much value would a publication from the coordinator benefit the broader community?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "PVA", - "name": "Public Value Added", - "description": "How much value would a publication from the coordinator benefit the broader community?", "values": [ { "key": "L", diff --git a/data/json/decision_points/public_well-being_impact_1_0_0.json b/data/json/decision_points/public_well-being_impact_1_0_0.json index 2b1c02bd..7994e948 100644 --- a/data/json/decision_points/public_well-being_impact_1_0_0.json +++ b/data/json/decision_points/public_well-being_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Public Well-Being Impact", + "description": "A coarse-grained representation of impact to public well-being.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "PWI", - "name": "Public Well-Being Impact", - "description": "A coarse-grained representation of impact to public well-being.", "values": [ { "key": "M", diff --git a/data/json/decision_points/report_credibility_1_0_0.json b/data/json/decision_points/report_credibility_1_0_0.json index 06f2d323..8cf756bd 100644 --- a/data/json/decision_points/report_credibility_1_0_0.json +++ b/data/json/decision_points/report_credibility_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Report Credibility", + "description": "Is the report credible?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "RC", - "name": "Report Credibility", - "description": "Is the report credible?", "values": [ { "key": "NC", diff --git a/data/json/decision_points/report_public_1_0_0.json b/data/json/decision_points/report_public_1_0_0.json index ba36050a..5c4d19d8 100644 --- a/data/json/decision_points/report_public_1_0_0.json +++ b/data/json/decision_points/report_public_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Report Public", + "description": "Is a viable report of the details of the vulnerability already publicly available?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "RP", - "name": "Report Public", - "description": "Is a viable report of the details of the vulnerability already publicly available?", "values": [ { "key": "Y", diff --git a/data/json/decision_points/safety_impact_1_0_0.json b/data/json/decision_points/safety_impact_1_0_0.json index 7aadf352..fe240916 100644 --- a/data/json/decision_points/safety_impact_1_0_0.json +++ b/data/json/decision_points/safety_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Safety Impact", + "description": "The safety impact of the vulnerability.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SI", - "name": "Safety Impact", - "description": "The safety impact of the vulnerability.", "values": [ { "key": "N", diff --git a/data/json/decision_points/safety_impact_2_0_0.json b/data/json/decision_points/safety_impact_2_0_0.json index 19d74d6b..4f839fb8 100644 --- a/data/json/decision_points/safety_impact_2_0_0.json +++ b/data/json/decision_points/safety_impact_2_0_0.json @@ -1,10 +1,10 @@ { + "name": "Safety Impact", + "description": "The safety impact of the vulnerability. (based on IEC 61508)", "namespace": "ssvc", "version": "2.0.0", "schemaVersion": "1-0-1", "key": "SI", - "name": "Safety Impact", - "description": "The safety impact of the vulnerability. (based on IEC 61508)", "values": [ { "key": "N", diff --git a/data/json/decision_points/supplier_cardinality_1_0_0.json b/data/json/decision_points/supplier_cardinality_1_0_0.json index 0adc8300..ec1df5a8 100644 --- a/data/json/decision_points/supplier_cardinality_1_0_0.json +++ b/data/json/decision_points/supplier_cardinality_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Supplier Cardinality", + "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SC", - "name": "Supplier Cardinality", - "description": "How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan?", "values": [ { "key": "O", diff --git a/data/json/decision_points/supplier_contacted_1_0_0.json b/data/json/decision_points/supplier_contacted_1_0_0.json index 2cceb5ed..c32d5755 100644 --- a/data/json/decision_points/supplier_contacted_1_0_0.json +++ b/data/json/decision_points/supplier_contacted_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Supplier Contacted", + "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SC", - "name": "Supplier Contacted", - "description": "Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method?", "values": [ { "key": "N", diff --git a/data/json/decision_points/supplier_engagement_1_0_0.json b/data/json/decision_points/supplier_engagement_1_0_0.json index ffd69c94..d9f704b0 100644 --- a/data/json/decision_points/supplier_engagement_1_0_0.json +++ b/data/json/decision_points/supplier_engagement_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Supplier Engagement", + "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SE", - "name": "Supplier Engagement", - "description": "Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort?", "values": [ { "key": "A", diff --git a/data/json/decision_points/supplier_involvement_1_0_0.json b/data/json/decision_points/supplier_involvement_1_0_0.json index d9c5b433..15d014e5 100644 --- a/data/json/decision_points/supplier_involvement_1_0_0.json +++ b/data/json/decision_points/supplier_involvement_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Supplier Involvement", + "description": "What is the state of the supplier’s work on addressing the vulnerability?", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "SI", - "name": "Supplier Involvement", - "description": "What is the state of the supplier’s work on addressing the vulnerability?", "values": [ { "key": "FR", diff --git a/data/json/decision_points/system_exposure_1_0_0.json b/data/json/decision_points/system_exposure_1_0_0.json index 45671101..c72411b5 100644 --- a/data/json/decision_points/system_exposure_1_0_0.json +++ b/data/json/decision_points/system_exposure_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "EXP", - "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", "values": [ { "key": "S", diff --git a/data/json/decision_points/system_exposure_1_0_1.json b/data/json/decision_points/system_exposure_1_0_1.json index a6b713d4..4babf60e 100644 --- a/data/json/decision_points/system_exposure_1_0_1.json +++ b/data/json/decision_points/system_exposure_1_0_1.json @@ -1,10 +1,10 @@ { + "name": "System Exposure", + "description": "The Accessible Attack Surface of the Affected System or Service", "namespace": "ssvc", "version": "1.0.1", "schemaVersion": "1-0-1", "key": "EXP", - "name": "System Exposure", - "description": "The Accessible Attack Surface of the Affected System or Service", "values": [ { "key": "S", diff --git a/data/json/decision_points/technical_impact_1_0_0.json b/data/json/decision_points/technical_impact_1_0_0.json index 5f3c7375..92ecdb4e 100644 --- a/data/json/decision_points/technical_impact_1_0_0.json +++ b/data/json/decision_points/technical_impact_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Technical Impact", + "description": "The technical impact of the vulnerability.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "TI", - "name": "Technical Impact", - "description": "The technical impact of the vulnerability.", "values": [ { "key": "P", diff --git a/data/json/decision_points/utility_1_0_0.json b/data/json/decision_points/utility_1_0_0.json index 033b00a3..71d0ca5f 100644 --- a/data/json/decision_points/utility_1_0_0.json +++ b/data/json/decision_points/utility_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "U", - "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", "values": [ { "key": "L", diff --git a/data/json/decision_points/utility_1_0_1.json b/data/json/decision_points/utility_1_0_1.json index 79091345..5c22b7fe 100644 --- a/data/json/decision_points/utility_1_0_1.json +++ b/data/json/decision_points/utility_1_0_1.json @@ -1,10 +1,10 @@ { + "name": "Utility", + "description": "The Usefulness of the Exploit to the Adversary", "namespace": "ssvc", "version": "1.0.1", "schemaVersion": "1-0-1", "key": "U", - "name": "Utility", - "description": "The Usefulness of the Exploit to the Adversary", "values": [ { "key": "L", diff --git a/data/json/decision_points/value_density_1_0_0.json b/data/json/decision_points/value_density_1_0_0.json index 725b53fe..4658a012 100644 --- a/data/json/decision_points/value_density_1_0_0.json +++ b/data/json/decision_points/value_density_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Value Density", + "description": "The concentration of value in the target", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "VD", - "name": "Value Density", - "description": "The concentration of value in the target", "values": [ { "key": "D", diff --git a/data/json/decision_points/virulence_1_0_0.json b/data/json/decision_points/virulence_1_0_0.json index 5d2200d9..b08d9539 100644 --- a/data/json/decision_points/virulence_1_0_0.json +++ b/data/json/decision_points/virulence_1_0_0.json @@ -1,10 +1,10 @@ { + "name": "Virulence", + "description": "The speed at which the vulnerability can be exploited.", "namespace": "ssvc", "version": "1.0.0", "schemaVersion": "1-0-1", "key": "V", - "name": "Virulence", - "description": "The speed at which the vulnerability can be exploited.", "values": [ { "key": "S", diff --git a/src/ssvc/_mixins.py b/src/ssvc/_mixins.py index 2e7edfb2..fabbdc8b 100644 --- a/src/ssvc/_mixins.py +++ b/src/ssvc/_mixins.py @@ -88,6 +88,26 @@ class _Keyed(BaseModel): key: str +class _Valued(BaseModel): + """ + Mixin class for valued SSVC objects. + """ + + values: tuple + + def __iter__(self): + """ + Allow iteration over the values in the object. + """ + return iter(self.values) + + def __len__(self): + """ + Allow len() to be called on the object. + """ + return len(self.values) + + def exclude_if_none(value): return value is None diff --git a/src/ssvc/decision_points/base.py b/src/ssvc/decision_points/base.py index dd79f041..0bb87ecd 100644 --- a/src/ssvc/decision_points/base.py +++ b/src/ssvc/decision_points/base.py @@ -20,7 +20,7 @@ from pydantic import BaseModel -from ssvc._mixins import _Base, _Keyed, _Namespaced, _Versioned +from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned from ssvc.namespaces import NameSpace logger = logging.getLogger(__name__) @@ -62,13 +62,13 @@ class SsvcDecisionPointValue(_Base, _Keyed, BaseModel): """ -class SsvcDecisionPoint(_Base, _Keyed, _Versioned, _Namespaced, BaseModel): +class SsvcDecisionPoint(_Valued, _Keyed, _Versioned, _Namespaced, _Base, BaseModel): """ Models a single decision point as a list of values. """ namespace: str = NameSpace.SSVC - values: list[SsvcDecisionPointValue] = [] + values: tuple[SsvcDecisionPointValue, ...] def __iter__(self): """ diff --git a/src/test/test_doctools.py b/src/test/test_doctools.py index c59226a5..70fba2f9 100644 --- a/src/test/test_doctools.py +++ b/src/test/test_doctools.py @@ -31,10 +31,10 @@ "key": "DPT", "name": "Decision Point Test", "description": "This is a test decision point.", - "values": [ + "values": ( {"key": "N", "name": "No", "description": "No means no"}, {"key": "Y", "name": "Yes", "description": "Yes means yes"}, - ], + ), } @@ -122,7 +122,12 @@ def test_dump_json(self): # file is loadable json d = json.load(open(json_file)) for k, v in dp.model_dump().items(): - self.assertEqual(v, d[k]) + # on reload, the tuples are lists, but they should be the same + reloaded_value = d[k] + if isinstance(reloaded_value, list): + reloaded_value = tuple(reloaded_value) + + self.assertEqual(v, reloaded_value) # should not overwrite the file overwrite = False diff --git a/src/test/test_dp_base.py b/src/test/test_dp_base.py index a386b94c..58b626a6 100644 --- a/src/test/test_dp_base.py +++ b/src/test/test_dp_base.py @@ -42,6 +42,14 @@ def tearDown(self) -> None: # restore the original registry base._reset_registered() + def test_decision_point_basics(self): + from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned + + # inherits from mixins + mixins = [_Valued, _Base, _Keyed, _Versioned, _Namespaced] + for mixin in mixins: + self.assertIsInstance(self.dp, mixin) + def test_registry(self): # just by creating the objects, they should be registered self.assertIn(self.dp, base.REGISTERED_DECISION_POINTS) diff --git a/src/test/test_mixins.py b/src/test/test_mixins.py index 4db76959..49450578 100644 --- a/src/test/test_mixins.py +++ b/src/test/test_mixins.py @@ -16,7 +16,7 @@ from pydantic import BaseModel, ValidationError -from ssvc._mixins import _Base, _Keyed, _Namespaced, _Versioned +from ssvc._mixins import _Base, _Keyed, _Namespaced, _Valued, _Versioned from ssvc.namespaces import NameSpace @@ -125,6 +125,22 @@ def test_keyed_create(self): self.assertRaises(ValidationError, _Keyed) + def test_valued_create(self): + values = ("foo", "bar", "baz", "quux") + obj = _Valued(values=values) + + # length + self.assertEqual(len(obj), len(values)) + + # iteration + for i, v in enumerate(obj): + self.assertEqual(v, values[i]) + + # values + self.assertEqual(obj.values, values) + + self.assertRaises(ValidationError, _Valued) + def test_mixin_combos(self): # We need to test all the combinations mixins = [