-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow linkage to multiple vulnerability identifiers #3
Comments
New object created similar to the product object where an ID scheme and ID need to be supplied as properties. |
Generally speaking, if multiple identifications schemes are used than the IDs supplies would still reference the same vulnerability. I'm not entirely sure how we could limit the scope of what is being identified as that would be controlled by the rules of the ID schemes themselves. |
The current design of Vulnerability Identifier Object allows for multiple "identifiedBy" relationships to the vulnerability. In the event a vulnerability is identified by multiple systems and those systems can be defined within the properties of the vulnerability identifier we can inherently create a relationship of hasAlias between the two identifiers. This should suffice as mapping a vulnerability across different identification schemes |
The vulnerability object needs a property that is used to identify it. This will typically be a CVE ID, but may be an identifier from another identification scheme.
In the vulnerability object, the text starting with "An identifier" and ending with "many organizations" needs to be removed and transitioned to this new linkage. This will probably eliminate the need for "KnownChains".
The text was updated successfully, but these errors were encountered: