Comments (2)
We need to consider how to support sequencing for weaknesses, actions, barriers, etc. It would be ideal to come up with a common pattern that could be used in all cases. This will take some more significant design work than this issue indicates, but would greatly enhance the expressiveness of the vulntology.
@Chris-Turner-NIST We should set aside some time to design a way forward.
from vulntology.
Vulntology Sequencing Requirements
Scope
Support sequencing capability for:
- Barriers
- Weaknesses
- Actions
- Known Chains (possibly different case since we only want direct hops)
Requirements
- Need to express options (e.g., A or B)
- Need to express sequencing (ordering/preconditions) (e.g., A then B)
- Need to express transitions (cause-effect/outcomes) (e.g., A leads to B)
Note: An array can provide for sequencing, but does not convey conditions or outcomes.
Example
>
expresses allowed transition (i.e., A > B
is A allows B)
=
expresses a requirement (i.e., A = B
is B requires A)
()
indicates a combination of pre-conditions (i.e., (A B)
is A then B)
CWE-A > CWE-B => CWE-C
CWE-B => CWE-C
(CWE-A > CWE-B) => CWE-D > CWE-E
can be expressed as:
YAMLish logical structure:
A:
allows: B
[other data]
B:
[other data]
allows: C (optional)
allows: D (optional)
C:
requires: B (implies B allows C)
[other data]
D:
precondition-1:
requires: A (implies A must come before B?)
requires: B (implies B allows D)
[other data]
JSONish logical structure
{
"A": {
"allows": [ "B" ]
},
"B": {
"allows": [ "C", "D" ]
}
"C": {
"requires": [ "B" ]
}
"D": {
"pre-condition": {
"requires": [ "A", "B" ]
},
"allows": [ "E" ]
}
}
A rough example of how this might look in practice.
{
"actions": [ {
"id": "action1",
"allows": "action2"
},
{
"id": "action2",
"requires": "action1"
}
]
}
from vulntology.
Related Issues (20)
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Scheduled Check of Markdown Documents Found Bad Hyperlinks
- Update Figures to reflect 0.6.0 Release
- Update documentation to reference example.com instead of fake
- Entity Role requires addition for System of Interest concept
- Scheduled Check of Website Content Found Bad Hyperlinks HOT 1
- Where did the logical-impact values come from? They appear incomplete. HOT 4
- Scheduled Check of Markdown Documents Found Bad Hyperlinks HOT 1
- Scheduled Check of Website Content Found Bad Hyperlinks
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from vulntology.