
v4.0.0 - Multi-Framework Security Annotations


@OmarRao released this 22 Jun 17:10

What's New

Five Security Frameworks - One Codebase

Every vulnerability in VulnBank now carries annotations for 5 security frameworks simultaneously:

New in v4.0.0:

  • PCI DSS v4.0 - 13 requirements mapped across all vulnerability types. Particularly relevant given VulnBank's banking context. Key mappings: Req 6.2.4 (all injection classes), Req 7.x (access control), Req 8.x (authentication), Req 3.x/4.x (cryptography).

  • NIST SP 800-53 Rev 5 - 17 controls across 7 control families: SI-10 (input validation), AC-3/4/6 (access enforcement + least privilege), SC-5/7/8/13 (comms/boundary/crypto protection), IA-5/8 (authentication), CM-6/7 (config management), SI-3 (malicious code).

  • SANS/CWE Top 25 (2023) - 10 of the top-ranked dangerous weakness categories are represented: #2 XSS, #3 SQLi, #5 OS CMDi, #8 Path Traversal, #9 CSRF, #18 Hardcoded Creds, #19 SSRF, #23 XXE, plus CWE-502, CWE-347, CWE-601, CWE-916, CWE-1333.

Previously existing:

  • CWE identifiers
  • MITRE ATT&CK v14 technique IDs
  • OWASP Top 10 2021 / API Top 10 2023 / LLM Top 10 2025

README Framework Tables

Three new reference tables added:

  • PCI DSS v4.0 coverage (13 requirements)
  • NIST SP 800-53 Rev 5 coverage (17 controls, 7 families)
  • SANS/CWE Top 25 ranking table (13 CWEs)

Updated Contributing Guide

New vuln PRs must now include all 5 framework IDs in the inline comment annotation.
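One way to enforce that rule in CI, as an added example rather than VulnBank's own tooling: a small linter that scans source files for inline vulnerability annotations and reports any that are missing a framework ID or carry one in an unexpected shape. The annotation grammar (`# VULN KEY: value | KEY: value ...`), the five keys treated as required (CWE, ATT&CK, OWASP, PCI-DSS, NIST; the SANS/CWE Top 25 rank is derived from the CWE and so is not a separate tag here), the ID regexes, and the sample source lines are all assumptions made for this example and should be adjusted to the project's contributing guide.

```python
import re
from dataclasses import dataclass

# Assumed annotation grammar (not VulnBank's documented format), one per vulnerable code site:
#   # VULN CWE: CWE-89 | ATT&CK: T1190 | OWASP: A03:2021 | PCI-DSS: 6.2.4 | NIST: SI-10
ANNOTATION_RE = re.compile(r"#\s*VULN\s+(?P<body>.+)$")

# Required framework keys and the ID shape each value must match (assumed patterns).
REQUIRED = {
    "CWE": re.compile(r"CWE-\d+"),
    "ATT&CK": re.compile(r"T\d{4}(\.\d{3})?"),                       # technique or sub-technique
    "OWASP": re.compile(r"A\d{2}:2021|API\d{1,2}:2023|LLM\d{2}:2025"),  # Web / API / LLM Top 10
    "PCI-DSS": re.compile(r"\d+(\.\d+)*"),                            # e.g. 6.2.4, 8.3
    "NIST": re.compile(r"[A-Z]{2}-\d+(\(\d+\))?"),                    # e.g. SI-10, AC-6(1)
}


@dataclass
class Finding:
    line_no: int
    problems: list


def parse_annotation(body: str) -> dict:
    """Split 'KEY: value | KEY: value' into a dict, splitting each field on its first colon
    so values that themselves contain a colon (A03:2021) survive intact."""
    fields = {}
    for part in body.split("|"):
        if ":" not in part:
            continue
        key, value = part.split(":", 1)
        fields[key.strip()] = value.strip()
    return fields


def check_annotation(fields: dict) -> list:
    """Return a list of problems for one parsed annotation; empty means it passes."""
    problems = []
    for key, pattern in REQUIRED.items():
        value = fields.get(key)
        if value is None:
            problems.append(f"missing {key}")
        elif not pattern.fullmatch(value):
            problems.append(f"malformed {key}: {value!r}")
    return problems


def lint_source(text: str) -> list:
    """Scan a source file's text and return one Finding per defective annotation."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = ANNOTATION_RE.search(line)
        if not match:
            continue
        problems = check_annotation(parse_annotation(match.group("body")))
        if problems:
            findings.append(Finding(line_no, problems))
    return findings


# Constructed sample input: one complete annotation, one missing PCI-DSS, one with malformed IDs.
SAMPLE_SOURCE = """\
# VULN CWE: CWE-89 | ATT&CK: T1190 | OWASP: A03:2021 | PCI-DSS: 6.2.4 | NIST: SI-10
def login(username, password): ...
# VULN CWE: CWE-79 | ATT&CK: T1189 | OWASP: A03:2021 | NIST: SI-10
def render_comment(comment): ...
# VULN CWE: CWE-798 | ATT&CK: T1552 | OWASP: A07:2021 | PCI-DSS: 8.3.x | NIST: IA5
API_KEY = "placeholder-not-a-real-secret"
"""

if __name__ == "__main__":
    for finding in lint_source(SAMPLE_SOURCE):
        print(f"line {finding.line_no}: " + "; ".join(finding.problems))
```

In a CI job the script would run over every file touched by the PR and fail the build when `lint_source` returns anything, which turns the contributing-guide rule into a mechanical gate rather than a review-time reminder.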