Hooepage Cybersecuritv Cyberpace Menschen
Nachrichtendienste kybernetische Waffen Bildung
Fachberichte BSI / Deutschland NIST / USA NIST / DRAFTNIST - WeissbuchJuornal - ArtikelSP 800... NIST
Original

Deutsch

Sep 30, 2016

NISTIR 8138

DRAFT Vulnerability Description Ontology (VDO): a Framework for Characterizing Vulnerabilities

NISTIR 8138 aims to describe a more effective and efficient methodology for characterizing vulnerabilities found in various forms of software and hardware implementations including but not limited to information technology systems, industrial control systems or medical devices to assist in the vulnerability management process. The primary goal of the described methodology is to enable automated analysis using metrics such as the Common Vulnerability Scoring System (CVSS). Additional goals include establishing a baseline of the minimum information needed to properly inform the vulnerability management process, and facilitating the sharing of vulnerability information across language barriers.

This is the first draft of several anticipated drafts of a document intended to describe a methodology for characterizing vulnerabilities. It is not intended to be complete at this time and the authors do not expect that this draft reflects the full breadth and depth of the information needed to fully automate the descriptions for vulnerabilities. Reviewers are asked to provide feedback on terminology that is unclear, in conflict with established practice and are encouraged to provide feedback and examples where the current draft falls short in enabling the description of a vulnerability. Future drafts will be produced attempting to incorporate feedback consistent with the purpose of the document and the goal of improving the final version.

Email comments to: nistir8138@nist.gov(Subject: "Comments Draft NISTIR 8138")
Comments due by: October 31, 2016

Draft NISTIR 8138
Comment Template

a