Subject: SARIF taxonomies
Just wanted to shine a light on an effort Microsoft is helping with, to convert a number of prominent standards to SARIF taxonomies, which are designed to help tool producers link their findings to specific standards. We started with a few obvious standards of importance (particularly used in the Heimdall effort), CSE, OWASP, NIST SP800-53, etc. Our thought is that there could be three distinct efforts here:
All SARIF taxonomies can be referenced indirectly to help keep log size to a minimum. Would love to talk with others on this effort, interested in suggestions on how to maintain these taxonomies, etc. etc.

Michael

A current PR on creating a NIST SARIF taxonomy. Our strategy is to check in and maintain code, where possible, that processes some official standard representation to produce the taxonomy (rather than creating/maintaining SARIF JSON manually).

Heimdall mappings as CSV: heimdall_tools/lib/data at master · mitre/heimdall_tools (github.com)
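An added illustration of the two ideas in the message (generating a taxonomy from a standard's tabular representation, and having results reference it indirectly by GUID so the log stays small); this is example code, not Michael's PR or anything from the heimdall_tools repository. The CSV rows, the GUID, the rule ids and the scanner name are constructed placeholders, and resolving a taxon through `toolComponent.guid` follows my reading of the SARIF 2.1.0 `reportingDescriptorReference` / `toolComponentReference` objects.

```python
import csv
import io

# Constructed control list in a "control id -> control name" CSV shape (not a real Heimdall file).
MAPPING_CSV = """control_id,control_name
AC-2,Account Management
AC-6,Least Privilege
SI-10,Information Input Validation
"""
# Placeholder GUID; a published taxonomy would carry a stable, official GUID.
NIST_GUID = "00000000-0000-4000-8000-000000800053"

def build_taxonomy(csv_text, name, guid, version):
    """Generate a SARIF toolComponent (taxonomy) from a CSV rather than hand-written JSON."""
    rows = csv.DictReader(io.StringIO(csv_text))
    taxa = [{"id": r["control_id"], "name": r["control_name"]} for r in rows]
    return {"name": name, "guid": guid, "version": version, "taxa": taxa}

def taxon_ref(guid, control_id):
    """The lean reference a result carries: taxonomy guid plus control id only."""
    return {"id": control_id, "toolComponent": {"guid": guid}}

def example_run():
    """Constructed run; run.taxonomies holds only a stub (name/guid), no taxa inline."""
    results = [
        {"ruleId": "SQLI-001", "message": {"text": "Untrusted input reaches a query"},
         "taxa": [taxon_ref(NIST_GUID, "SI-10")]},
        {"ruleId": "PRIV-002", "message": {"text": "Service runs with excess privilege"},
         "taxa": [taxon_ref(NIST_GUID, "AC-6")]},
    ]
    stub = {"name": "NIST SP800-53", "guid": NIST_GUID, "version": "5"}
    return {"tool": {"driver": {"name": "example-scanner"}},
            "taxonomies": [stub], "results": results}

def resolve_taxa(run, registry):
    """Resolve every result's taxa against taxonomies keyed by guid; this is the check a
    consumer needs, since an indirect reference can dangle. Raises KeyError on a bad ref."""
    out = []
    for res in run["results"]:
        for ref in res.get("taxa", []):
            guid = ref["toolComponent"]["guid"]
            tax = registry.get(guid)
            if tax is None:
                raise KeyError(f"{res['ruleId']}: unknown taxonomy guid {guid}")
            by_id = {t["id"]: t for t in tax["taxa"]}
            if ref["id"] not in by_id:
                raise KeyError(f"{res['ruleId']}: {ref['id']} not in {tax['name']}")
            out.append((res["ruleId"], tax["name"], by_id[ref["id"]]["name"]))
    return out
```

The full taxonomy (with all taxa) is produced once from the CSV and shipped separately, while each log carries only the GUID and control ids; `resolve_taxa` is what a consumer runs to join the two and catch references to a taxonomy or control it does not know.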