[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Vulnerability object added
Looks good to me. Sorry, should have given a link to the object. It’s in the STIX 2.0-Objects document, here: https://docs.google.com/document/d/1F1c05GgYaJFV1Z04B8c_T3vEE-LRQTPExF24LvOQAsk/edit#heading=h.q5ytzmajn6re John From: <cti-stix@lists.oasis-open.org> on behalf of "Wunder, John A." <jwunder@mitre.org> Date: Thursday, July 14, 2016 at 8:11 AM To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> Subject: [cti-stix] Vulnerability object added All, As discussed on the call on Tuesday, it seemed like people were looking for a Vulnerability object so that they could say malware/actors/campaigns target particular vulnerabilities. Way back when we were first working on 2.0 we had a definition in there that I updated and moved over. Primarily, it would be used to capture external references to CVE and other vulnerability identifiers, as Jason had suggested. It also has a name and description in case there’s no CVE or other reference assigned yet or you want to duplicate them into the object directly. I also added the relationships it would conceivably need. Can you please review it to see if it captures what you need it to? Thanks, John |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]