v4.0.0 - Multi-Framework Security Annotations
What's New
Five Security Frameworks - One Codebase
Every vulnerability in VulnBank now carries annotations for 5 security frameworks simultaneously:
New in v4.0.0:
- PCI DSS v4.0 - 13 requirements mapped across all vulnerability types. Particularly relevant given VulnBank's banking context. Key mappings: Req 6.2.4 (all injection classes), Req 7.x (access control), Req 8.x (authentication), Req 3.x/4.x (protection of stored and transmitted account data, i.e. cryptography at rest and in transit).
- NIST SP 800-53 Rev 5 - 17 controls across 7 control families, including SI-10 (input validation), AC-3/4/6 (access enforcement, information flow enforcement, least privilege), SC-5/7/8/13 (denial-of-service protection, boundary protection, transmission confidentiality/integrity, cryptographic protection), IA-5/8 (authenticator management, identification and authentication), CM-6/7 (configuration settings, least functionality), SI-3 (malicious code protection).
- SANS/CWE Top 25 (2023) - 13 CWEs represented. Eight are listed with their 2023 rank: #2 XSS (CWE-79), #3 SQLi (CWE-89), #5 OS command injection (CWE-78), #8 path traversal (CWE-22), #9 CSRF (CWE-352), #18 hard-coded credentials (CWE-798), #19 SSRF (CWE-918), #23 XXE (CWE-611); plus CWE-502 (deserialization of untrusted data), CWE-347 (improper verification of cryptographic signature), CWE-601 (open redirect), CWE-916 (password hash with insufficient computational effort) and CWE-1333 (inefficient regular expression complexity, i.e. ReDoS).
Previously existing:
- CWE identifiers
- MITRE ATT&CK v14 technique IDs
- OWASP Top 10 2021 / API Top 10 2023 / LLM Top 10 2025
README Framework Tables
Three new reference tables added:
- PCI DSS v4.0 coverage (13 requirements)
- NIST SP 800-53 Rev 5 coverage (17 controls, 7 families)
- SANS/CWE Top 25 ranking table (13 CWEs)
Updated Contributing Guide
New vuln PRs must now include all 5 framework IDs in the inline comment annotation.
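The requirement above is easy to enforce mechanically. The following lint is an added example, not VulnBank's own tooling, and the annotation layout it assumes (a `# VULN:` comment block in which the five framework IDs appear in free form) is an assumption for the demo rather than the project's documented format. It treats the SANS/CWE Top 25 rank as derived from the CWE ID, so the five frameworks it checks are CWE, ATT&CK, OWASP, PCI DSS and NIST SP 800-53. The sample source at the bottom is constructed for the example; the regexes are deliberately narrow so that a bare year or an unrelated number does not pass as an identifier.

```python
import re

# Assumed annotation layout (not VulnBank's documented format): a contiguous run
# of comment lines starting with "# VULN:" and ending at the first non-comment
# (or blank) line. Framework IDs may appear anywhere inside that block.
FRAMEWORK_PATTERNS = {
    "CWE": re.compile(r"\bCWE-\d{1,4}\b"),
    # ATT&CK technique or sub-technique, e.g. T1190 or T1059.004
    "ATT&CK": re.compile(r"\bT\d{4}(?:\.\d{3})?\b"),
    # OWASP Top 10 2021 (A03:2021), API Top 10 2023 (API1:2023), LLM Top 10 2025 (LLM01:2025)
    "OWASP": re.compile(r"\b(?:A\d{2}:2021|API\d{1,2}:2023|LLM\d{2}:2025)\b"),
    # PCI DSS requirement number such as 6.2.4, only when tagged with "PCI" (group 1 is the number)
    "PCI DSS": re.compile(r"\bPCI(?:[ -]DSS)?(?:\s*v4\.0)?\s*(?:Req\.?\s*)?(\d+(?:\.\d+)+)"),
    # NIST SP 800-53 control with optional enhancement: SI-10, AC-6(1)
    "NIST SP 800-53": re.compile(
        r"\b(?:AC|AT|AU|CA|CM|CP|IA|IR|MA|MP|PE|PL|PM|PS|PT|RA|SA|SC|SI|SR)-\d{1,2}(?:\(\d{1,2}\))?\b"
    ),
}


def check_annotation(block: str) -> dict:
    """Return {'found': {framework: [ids]}, 'missing': [framework]} for one block."""
    found = {}
    for name, pattern in FRAMEWORK_PATTERNS.items():
        ids = sorted(set(pattern.findall(block)))
        if ids:
            found[name] = ids
    missing = [name for name in FRAMEWORK_PATTERNS if name not in found]
    return {"found": found, "missing": missing}


def extract_annotation_blocks(source: str) -> list:
    """Collect each '# VULN:' comment block as (start_line, block_text)."""
    blocks, current, start = [], [], None
    for lineno, line in enumerate(source.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("# VULN:"):
            if current:
                blocks.append((start, "\n".join(current)))
            current, start = [stripped], lineno
        elif current and stripped.startswith("#"):
            current.append(stripped)
        elif current:  # first non-comment or blank line closes the block
            blocks.append((start, "\n".join(current)))
            current, start = [], None
    if current:
        blocks.append((start, "\n".join(current)))
    return blocks


def lint_source(source: str) -> list:
    """Return (line, vuln_name, missing_frameworks) for every incomplete annotation."""
    problems = []
    for lineno, block in extract_annotation_blocks(source):
        result = check_annotation(block)
        if result["missing"]:
            name = block.splitlines()[0].split(":", 1)[1].strip()
            problems.append((lineno, name, result["missing"]))
    return problems


# Constructed sample source (not VulnBank code): the first block carries an ID
# from all five frameworks, the second imitates a pre-v4.0.0 annotation and
# lacks PCI DSS and NIST identifiers. The bodies are never executed here.
SAMPLE_SOURCE = '''\
# VULN: sql-injection (login)
# CWE-89 | ATT&CK T1190 | OWASP A03:2021
# PCI DSS v4.0 Req 6.2.4 | NIST SP 800-53 SI-10, SC-8
def login(cur, user, pw):
    cur.execute("SELECT id FROM users WHERE name='%s' AND pw='%s'" % (user, pw))

# VULN: path-traversal (statement download)
# CWE-22 | T1083 | A01:2021
def statement(path):
    return open("/srv/statements/" + path).read()
'''

if __name__ == "__main__":
    for lineno, name, missing in lint_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {name}: missing {', '.join(missing)}")
```

Run as a pre-commit hook or CI step over the files a PR touches and fail the build when `lint_source` returns anything; the returned tuples name the block, its line and exactly which frameworks are absent, which is the feedback a contributor needs.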