Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate other non-logical impact types #27

Open
Chris-Turner-NIST opened this issue Sep 3, 2019 · 1 comment
Open

Investigate other non-logical impact types #27

Chris-Turner-NIST opened this issue Sep 3, 2019 · 1 comment
Labels
Discussion Needed Topic requires further discussion or research to provide more specific actions enhancement New feature or request Object/Relationship Adjustment The issue is related to adding or modifying Objects and/or their Relationships in the data model
Projects
Sprint 6

Comments

@Chris-Turner-NIST
Copy link
Collaborator

Chris-Turner-NIST commented Sep 3, 2019
edited

User Story:

Organizations may care about impacts a vulnerability could cause that are not simply related to human injury or property destruction. A small list of possible categories was provided regarding the types of other impacts or the perspective of impacts that could be included as a direct impact from a vulnerability being exploited.

Financial
Government
Catastrophe level events
FDA
NRC

Goals:

Determine if any of these or similar items that come out of research would work with the Vulntology model. Impacts would need to be specific to the vulnerability.

Dependencies:

N/A

Acceptance Criteria

[ ] Research completed into other areas of non-logical impacts
[ ] Determinations clearly defined regarding types that should be considered for inclusion into Vulntology and where they would best fit
@Chris-Turner-NIST Chris-Turner-NIST mentioned this issue Sep 3, 2019
Closed
@Chris-Turner-NIST Chris-Turner-NIST added Discussion Needed Topic requires further discussion or research to provide more specific actions and removed enhancement New feature or request labels Sep 3, 2019
@david-waltermire david-waltermire added this to To do in Sprint 6 Feb 7, 2020
@j---
Copy link

j--- commented Nov 12, 2020

We've addressed something similar to this in SSVC, the resources we've collected and how we organized it into a decision might be helpful for you:
https://github.com/CERTCC/SSVC/blob/main/doc/version_1/045_treesForVulMgmt_3.md
Though as of this writing, we have some open issues we're still working on in this area too (such as CERTCC/SSVC#46). Would be happy if you have thoughts on that.

@Chris-Turner-NIST Chris-Turner-NIST added Object/Relationship Adjustment The issue is related to adding or modifying Objects and/or their Relationships in the data model enhancement New feature or request and removed good first issue labels Oct 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Discussion Needed Topic requires further discussion or research to provide more specific actions enhancement New feature or request Object/Relationship Adjustment The issue is related to adding or modifying Objects and/or their Relationships in the data model
Projects
No open projects
Sprint 6
  
To do
Milestone
No milestone
Development

No branches or pull requests
2 participants
@j--- @Chris-Turner-NIST