This repository hosts the Semantic Representation (version) of the Vulnerability objects (in that case CVEs) published in the STIX Common Objects Repository of the OASIS CTI TC.
-
The Vulnerability objects that are part of the STIX Common Objects Repository of the OASIS CTI TC enumerate the published CVE list using the STIX 2.1 Standard and, in particular, the Vulnerability SDO.
-
The vulnerability facts in this repository provide the semantic represetation of the STIX Vulnerability Objects of the OASIS CTI TC. The semantic representation of the STIX Vulnerability objects is based on the STIX 2.1 Standard and, in particular, the semantic representation of the Vulnerability SDO as represented in the TAC/STIX Ontology of the OASIS TAC TC.
To Operationalize this work:
- Follow the information provided in the TAC TC Repo that offers the Ontological Representation of the STIX Standard.
- Import the files of this repository or download the one file that collects everything using this URL (Shared/Open Google Drive Folder).
The knowledge base provided in this repository will be forwarded to the official OASIS TC Open Repositories GitHub and will be maintained by the OASIS Threat Actor Context Technical Committee (TAC TC). The University of Oslo offers the resources needed to automate the process. The information in this GitHub repository will be updated to reflect that change.