[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Public review comments from Kaiser Permanente for STIX V1.2.1
Comment on this area: STIX Part 5, TTP, Section 3.2.3.1 ExploitType Class: Should CVE_ID be included, considering CAPEC_ID is included for AttackPatternType? Basically, the default extensions for similar classes include attributes for similar ID types. Example: the Exploit Target data model WeaknessType class contains CWE_ID. It should be useful to include an (optional) attribute for CVE numbers on Exploits, if the CVE numbers are known.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]