Entity Role requires addition for System of Interest concept #153
Labels
enhancement
New feature or request
Value List Adjustment
Issue is related to adding to or modifying valid values in the data model
Milestone
Reasoning:
Currently, Entity Role's purpose is for defining relevant security boundaries across existing assessment systems. This change will enable tracking of these boundaries using the concept of System of Interest. (Used by CVSS v4.0 and SSVC 2.0)
CVSS v4.0 will release towards the end of 2023 (slated for 10/31/23 at the moment).
SSVC v2.0 has been released since 2020
Areas to enhance:
website/content/specification/values/entity-role.md
ADD
System of Interest: See CVSS v4.0 Section ?? for a full explanation of System of Interest
Vulnerable: Associated Context is considered to contain the vulnerability.
Subsequent: Associated Context is where impacts of the vulnerability are realized. The Subsequent System may or may not be the Vulnerable System.
JSON Schema
vulntology/schema/vulntology-json-schema-1.0-draft.json
Lines 200 to 208 in a0dd316
ADD
Overall Graph
https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/vulntology-graph.png
Graph Snippets
https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/graphsnippets/EntityRoleSnippet.png
https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/graphsnippets/ActionSnippet.png
https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/graphsnippets/ContextSnippet.png
https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/graphsnippets/ImpactMethodSnippet.png
https://github.com/usnistgov/vulntology/blob/a0dd31603661d966c91c2db86b5d64bc629115b5/website/static/figures/graphsnippets/VulnerabilitySnippet.png
The text was updated successfully, but these errors were encountered: