diff --git a/data/examples/Computed+Provision-VU#290915_Coordinator-v2.01.json b/data/examples/Computed+Provision-VU#290915_Coordinator-v2.01.json deleted file mode 100644 index 97f3087e..00000000 --- a/data/examples/Computed+Provision-VU#290915_Coordinator-v2.01.json +++ /dev/null @@ -1,396 +0,0 @@ -{ - "timestamp": "2020-12-10T18:58:04.153Z", - "role": "Coordinator", - "id": "VU#290915", - "version": "2.0", - "computed": "SSVCv2/E:P/V:R/T:P/M:H/D:A/1607626684/", - "choices": [ - { - "Exploitation": "poc" - }, - { - "Virulence": "rapid" - }, - { - "Technical Impact": "partial" - }, - { - "Mission & Well-being": "high" - }, - { - "Decision": "Attend" - } - ], - "decision_tree": { - "decision_points": [ - { - "label": "Exploitation", - "decision_type": "simple", - "key": "E", - "options": [ - { - "label": "none", - "key": "N", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." - }, - { - "label": "poc", - "key": "P", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation. Some examples of condition (4) are open-source web proxies serve as the PoC code for how to exploit any vulnerability in the vein of improper validation of TLS certificates. As another example, Wireshark serves as a PoC for packet replay attacks on ethernet or WiFi networks." - }, - { - "label": "active", - "key": "A", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." - } - ] - }, - { - "label": "Virulence", - "key": "V", - "decision_type": "simple", - "options": [ - { - "label": "slow", - "key": "S", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation. Example reasons for why a step may not be reliably automatable include (1) the vulnerable component is not searchable or enumerable on the network, (2) weaponization may require human direction for each target, (3) delivery may require channels that widely deployed network security configurations block, and (4) exploitation may be frustrated by adequate exploit-prevention techniques enabled by default; ASLR is an example of an exploit-prevention tool." - }, - { - "label": "rapid", - "key": "R", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows unauthenticated remote code execution (RCE) or command injection, the response is likely rapid." - } - ] - }, - { - "label": "Technical Impact", - "key": "T", - "decision_type": "simple", - "options": [ - { - "label": "partial", - "key": "P", - "description": "partial" - }, - { - "label": "total", - "key": "T", - "description": "total" - } - ] - }, - { - "label": "Mission & Well-being", - "key": "M", - "decision_type": "simple", - "options": [ - { - "label": "low", - "key": "L", - "description": "Mission Prevelance is Low and Public well-being impact is Minimal" - }, - { - "label": "medium", - "key": "M", - "description": "Mission Prevelance is Medium and Public well-being impact is in Material" - }, - { - "label": "high", - "key": "H", - "description": "Mission Prevelance is Essential and Public well-being impact is Irreversible" - } - ] - }, - { - "label": "Decision", - "key": "D", - "decision_type": "final", - "options": [ - { - "label": "Track", - "key": "T", - "description": "The vulnerability does not require attention outside of Vulnerability Management (VM) at this time. Continue to track the situation and reassess the severity of vulnerability if necessary.", - "color": "#28a745" - }, - { - "label": "Track*", - "key": "R", - "description": "Track these closely, especially if mitigation is unavailable or difficult. Recommended that analyst discuss with other ana-lysts and get a second opinion.", - "color": "#ffc107" - }, - { - "label": "Attend", - "key": "A", - "description": "The vulnerability requires to be attended to by stakeholders outside VM. The action is a request to others for assistance / information / details, as well as a potential publication about the issue.", - "color": "#EE8733" - }, - { - "label": "Act", - "key": "C", - "description": "The vulnerability requires immediate action by the relevant leadership. The action is a high-priority meeting among the relevant supervisors to decide how to respond.", - "color": "#dc3545" - } - ] - } - ], - "decisions_table": [ - { - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low", - "Decision": "Track" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - } - ], - "lang": "en", - "version": "2.0", - "title": "SSVC Provision table" - } -} - - diff --git a/data/examples/Computed-VU#290915_Coordinator-v2.01.json b/data/examples/Computed-VU#290915_Coordinator-v2.01.json deleted file mode 100644 index b37cb2a2..00000000 --- a/data/examples/Computed-VU#290915_Coordinator-v2.01.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "timestamp": "2020-12-10T18:57:45.961Z", - "role": "Coordinator", - "id": "VU#290915", - "version": "2.0", - "computed": "SSVCv2/E:P/V:R/T:P/M:H/D:A/1607626665/", - "choices": [ - { - "Exploitation": "poc" - }, - { - "Virulence": "rapid" - }, - { - "Technical Impact": "partial" - }, - { - "Mission & Well-being": "high" - }, - { - "Decision": "Attend" - } - ] -} diff --git a/data/examples/Provision-Coordinator-v2.01.json b/data/examples/Provision-Coordinator-v2.01.json deleted file mode 100644 index ab7aaac2..00000000 --- a/data/examples/Provision-Coordinator-v2.01.json +++ /dev/null @@ -1,370 +0,0 @@ -{ - "decision_points": [ - { - "label": "Exploitation", - "decision_type": "simple", - "key": "E", - "options": [ - { - "label": "none", - "key": "N", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." - }, - { - "label": "poc", - "key": "P", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation. Some examples of condition (4) are open-source web proxies serve as the PoC code for how to exploit any vulnerability in the vein of improper validation of TLS certificates. As another example, Wireshark serves as a PoC for packet replay attacks on ethernet or WiFi networks." - }, - { - "label": "active", - "key": "A", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." - } - ] - }, - { - "label": "Virulence", - "key": "V", - "decision_type": "simple", - "options": [ - { - "label": "slow", - "key": "S", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation. Example reasons for why a step may not be reliably automatable include (1) the vulnerable component is not searchable or enumerable on the network, (2) weaponization may require human direction for each target, (3) delivery may require channels that widely deployed network security configurations block, and (4) exploitation may be frustrated by adequate exploit-prevention techniques enabled by default; ASLR is an example of an exploit-prevention tool." - }, - { - "label": "rapid", - "key": "R", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows unauthenticated remote code execution (RCE) or command injection, the response is likely rapid." - } - ] - }, - { - "label": "Technical Impact", - "key": "T", - "decision_type": "simple", - "options": [ - { - "label": "partial", - "key": "P", - "description": "partial" - }, - { - "label": "total", - "key": "T", - "description": "total" - } - ] - }, - { - "label": "Mission & Well-being", - "key": "M", - "decision_type": "simple", - "options": [ - { - "label": "low", - "key": "L", - "description": "Mission Prevelance is Low and Public well-being impact is Minimal" - }, - { - "label": "medium", - "key": "M", - "description": "Mission Prevelance is Medium and Public well-being impact is in Material" - }, - { - "label": "high", - "key": "H", - "description": "Mission Prevelance is Essential and Public well-being impact is Irreversible" - } - ] - }, - { - "label": "Decision", - "key": "D", - "decision_type": "final", - "options": [ - { - "label": "Track", - "key": "T", - "description": "The vulnerability does not require attention outside of Vulnerability Management (VM) at this time. Continue to track the situation and reassess the severity of vulnerability if necessary.", - "color": "#28a745" - }, - { - "label": "Track*", - "key": "R", - "description": "Track these closely, especially if mitigation is unavailable or difficult. Recommended that analyst discuss with other ana-lysts and get a second opinion.", - "color": "#ffc107" - }, - { - "label": "Attend", - "key": "A", - "description": "The vulnerability requires to be attended to by stakeholders outside VM. The action is a request to others for assistance / information / details, as well as a potential publication about the issue.", - "color": "#EE8733" - }, - { - "label": "Act", - "key": "C", - "description": "The vulnerability requires immediate action by the relevant leadership. The action is a high-priority meeting among the relevant supervisors to decide how to respond.", - "color": "#dc3545" - } - ] - } - ], - "decisions_table": [ - { - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low", - "Decision": "Track" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - } - ], - "lang": "en", - "version": "2.0", - "title": "SSVC Provision table" -} diff --git a/data/examples/README.MD b/data/examples/README.MD deleted file mode 100644 index 475cea48..00000000 --- a/data/examples/README.MD +++ /dev/null @@ -1,10 +0,0 @@ -# Sample JSON files - - -There are there sample JSON files that provide examples of the current [JSON schema](../schema/). -The JSON files here are -1. Full Decision tree used for making an SSVC based decision. -2. Computed SSVC score of a vulnerability at a point of time. -3. Computed SSVC score with the full decision tree embedded. - - diff --git a/data/schema/SSVC_Computed_v2.01.schema.json b/data/schema/SSVC_Computed_v2.01.schema.json index 8d18906f..0ccb1024 100644 --- a/data/schema/SSVC_Computed_v2.01.schema.json +++ b/data/schema/SSVC_Computed_v2.01.schema.json @@ -21,10 +21,6 @@ "minItems": 1, "uniqueItems": true }, - "computed": { - "description": "Computed score short representation such as SSVC/v:2/R:C/E:[P,A]/V:R/T:P/M:H/D:[T,R,A,E]/1607626684/ for a vulnerability with no or minor Public Safety Impact, total Technical Impact, and efficient Utility, which was evaluated on Nov 10, 2020.", - "type": "string" - }, "timestamp" : { "description": "Date and time in ISO format ISO 8601 format", "type": "string", @@ -45,7 +41,6 @@ }, "required": [ "choices", - "computed", "timestamp", "role", "id", diff --git a/data/schema/SSVC_Provision_v2.01.schema.json b/data/schema/SSVC_Provision_v2.01.schema.json index dd34ef94..ef81dcc7 100644 --- a/data/schema/SSVC_Provision_v2.01.schema.json +++ b/data/schema/SSVC_Provision_v2.01.schema.json @@ -17,7 +17,7 @@ "maxLength": 255 }, "key": { - "description": "A unique short \"key\" that represent this \"descision_point\". This is one or two letter(s) used in short-form vector representation of the SSVC score.", + "description": "An optional short \"key\" that identified this \"descision_point\" in SSVC score vector form. This is one or two letter(s) used in short-form vector representation of the SSVC score.", "maxLength": 2, "type": "string" }, @@ -38,7 +38,7 @@ "type": "string" }, "key": { - "description": "A unique short \"key\" that represent this \"option\" or choice. This is one or two letter(s) used in short-form vector representation of the SSVC score ", + "description": "An optional short \"key\" that identified this \"descision_point\" in SSVC score vector form. This is one or two letter(s) used in short-form vector representation of the SSVC score.", "type": "string", "maxLength": 2 }, @@ -51,7 +51,6 @@ "required": [ "label", "description", - "key" ] }, "minItems": 1, @@ -78,7 +77,6 @@ "required": [ "decision_type", "label", - "key", "children" ] }, @@ -86,7 +84,6 @@ "required": [ "decision_type", "label", - "key", "options" ] } diff --git a/data/schema_examples/Computed+Provision-VU#290915_Coordinator.json b/data/schema_examples/Computed+Provision-VU#290915_Coordinator.json deleted file mode 100644 index f31b9e16..00000000 --- a/data/schema_examples/Computed+Provision-VU#290915_Coordinator.json +++ /dev/null @@ -1,375 +0,0 @@ -{ - "timestamp": "2020-12-10T18:58:04.153Z", - "role": "Coordinator", - "id": "VU#290915", - "version": "2.0", - "computed": "SSVCv2/E:P/V:R/T:P/M:H/D:A/1607626684/", - "choices": [ - { - "Exploitation": "poc" - }, - { - "Virulence": "rapid" - }, - { - "Technical Impact": "partial" - }, - { - "Mission & Well-being": "high" - }, - { - "Decision": "Attend" - } - ], - "decision_tree": { - "decision_points": [ - { - "label": "Exploitation", - "decision_type": "simple", - "choices": [ - { - "label": "none", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." - }, - { - "label": "poc", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation. Some examples of condition (4) are open-source web proxies serve as the PoC code for how to exploit any vulnerability in the vein of improper validation of TLS certificates. As another example, Wireshark serves as a PoC for packet replay attacks on ethernet or WiFi networks." - }, - { - "label": "active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." - } - ] - }, - { - "label": "Virulence", - "decision_type": "simple", - "choices": [ - { - "label": "slow", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation. Example reasons for why a step may not be reliably automatable include (1) the vulnerable component is not searchable or enumerable on the network, (2) weaponization may require human direction for each target, (3) delivery may require channels that widely deployed network security configurations block, and (4) exploitation may be frustrated by adequate exploit-prevention techniques enabled by default; ASLR is an example of an exploit-prevention tool." - }, - { - "label": "rapid", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows unauthenticated remote code execution (RCE) or command injection, the response is likely rapid." - } - ] - }, - { - "label": "Technical Impact", - "decision_type": "simple", - "choices": [ - { - "label": "partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control. In this context, “low” means that the attacker cannot reasonably make enough attempts to overcome the low chance of each attempt not working. Denial of service is a form of limited control over the behavior of the vulnerable component." - }, - { - "label": "total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." - } - ] - }, - { - "label": "Mission & Well-being", - "decision_type": "simple", - "choices": [ - { - "label": "low", - "description": "Mission Prevelance is Low and Public well-being impact is Minimal" - }, - { - "label": "medium", - "description": "Mission Prevelance is Medium and Public well-being impact is in Material" - }, - { - "label": "high", - "description": "Mission Prevelance is Essential and Public well-being impact is Irreversible" - } - ] - }, - { - "label": "Decision", - "decision_type": "final", - "choices": [ - { - "label": "Track", - "description": "The vulnerability does not require attention outside of Vulnerability Management (VM) at this time. Continue to track the situation and reassess the severity of vulnerability if necessary.", - "color": "#28a745" - }, - { - "label": "Track*", - "description": "Track these closely, especially if mitigation is unavailable or difficult. Recommended that analyst discuss with other ana-lysts and get a second opinion.", - "color": "#ffc107" - }, - { - "label": "Attend", - "description": "The vulnerability requires to be attended to by stakeholders outside VM. The action is a request to others for assistance / information / details, as well as a potential publication about the issue.", - "color": "#EE8733" - }, - { - "label": "Act", - "description": "The vulnerability requires immediate action by the relevant leadership. The action is a high-priority meeting among the relevant supervisors to decide how to respond.", - "color": "#dc3545" - } - ] - } - ], - "decisions_table": [ - { - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low", - "Decision": "Track" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - } - ], - "lang": "en", - "version": "2.0", - "title": "SSVC Provision table" - } -} diff --git a/data/schema_examples/Computed-VU#290915_Coordinator.json b/data/schema_examples/Computed-VU#290915_Coordinator.json deleted file mode 100644 index b37cb2a2..00000000 --- a/data/schema_examples/Computed-VU#290915_Coordinator.json +++ /dev/null @@ -1,24 +0,0 @@ -{ - "timestamp": "2020-12-10T18:57:45.961Z", - "role": "Coordinator", - "id": "VU#290915", - "version": "2.0", - "computed": "SSVCv2/E:P/V:R/T:P/M:H/D:A/1607626665/", - "choices": [ - { - "Exploitation": "poc" - }, - { - "Virulence": "rapid" - }, - { - "Technical Impact": "partial" - }, - { - "Mission & Well-being": "high" - }, - { - "Decision": "Attend" - } - ] -} diff --git a/data/schema_examples/Provision-v2-CISA-Coordination.json b/data/schema_examples/Provision-v2-CISA-Coordination.json deleted file mode 100644 index 44bf4ef6..00000000 --- a/data/schema_examples/Provision-v2-CISA-Coordination.json +++ /dev/null @@ -1,351 +0,0 @@ -{ - "decision_points": [ - { - "label": "Exploitation", - "decision_type": "simple", - "choices": [ - { - "label": "none", - "description": "There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability." - }, - { - "label": "poc", - "description": "One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation. Some examples of condition (4) are open-source web proxies serve as the PoC code for how to exploit any vulnerability in the vein of improper validation of TLS certificates. As another example, Wireshark serves as a PoC for packet replay attacks on ethernet or WiFi networks." - }, - { - "label": "active", - "description": "Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting." - } - ] - }, - { - "label": "Virulence", - "decision_type": "simple", - "choices": [ - { - "label": "slow", - "description": "Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation. Example reasons for why a step may not be reliably automatable include (1) the vulnerable component is not searchable or enumerable on the network, (2) weaponization may require human direction for each target, (3) delivery may require channels that widely deployed network security configurations block, and (4) exploitation may be frustrated by adequate exploit-prevention techniques enabled by default; ASLR is an example of an exploit-prevention tool." - }, - { - "label": "rapid", - "description": "Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows unauthenticated remote code execution (RCE) or command injection, the response is likely rapid." - } - ] - }, - { - "label": "Technical Impact", - "decision_type": "simple", - "choices": [ - { - "label": "partial", - "description": "The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control. In this context, “low” means that the attacker cannot reasonably make enough attempts to overcome the low chance of each attempt not working. Denial of service is a form of limited control over the behavior of the vulnerable component." - }, - { - "label": "total", - "description": "The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability." - } - ] - }, - { - "label": "Mission & Well-being", - "decision_type": "simple", - "choices": [ - { - "label": "low", - "description": "Mission Prevelance is Low and Public well-being impact is Minimal" - }, - { - "label": "medium", - "description": "Mission Prevelance is Medium and Public well-being impact is in Material" - }, - { - "label": "high", - "description": "Mission Prevelance is Essential and Public well-being impact is Irreversible" - } - ] - }, - { - "label": "Decision", - "decision_type": "final", - "choices": [ - { - "label": "Track", - "description": "The vulnerability does not require attention outside of Vulnerability Management (VM) at this time. Continue to track the situation and reassess the severity of vulnerability if necessary.", - "color": "#28a745" - }, - { - "label": "Track*", - "description": "Track these closely, especially if mitigation is unavailable or difficult. Recommended that analyst discuss with other ana-lysts and get a second opinion.", - "color": "#ffc107" - }, - { - "label": "Attend", - "description": "The vulnerability requires to be attended to by stakeholders outside VM. The action is a request to others for assistance / information / details, as well as a potential publication about the issue.", - "color": "#EE8733" - }, - { - "label": "Act", - "description": "The vulnerability requires immediate action by the relevant leadership. The action is a high-priority meeting among the relevant supervisors to decide how to respond.", - "color": "#dc3545" - } - ] - } - ], - "decisions_table": [ - { - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low", - "Decision": "Track" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "none", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "none", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Track*", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "poc", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Track", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "slow", - "Technical Impact": "total", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "low" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "partial", - "Mission & Well-being": "high" - }, - { - "Decision": "Attend", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "low" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "medium" - }, - { - "Decision": "Act", - "Exploitation": "active", - "Virulence": "rapid", - "Technical Impact": "total", - "Mission & Well-being": "high" - } - ], - "lang": "en", - "version": "2.0", - "title": "SSVC Provision table" -}