Mapping Mitre's Common Weakness Enumeration data > TAM Attack Library format?
9 views
Skip to first unread message
ParanoidMike
Aug 16, 2007, 7:39:11 PM8/16/07
to Microsoft Threat Modeling Tools
Today I discovered that Mitre's been developing a schema of
Vulnerabilities that looks oddly similar to what I see in the Attack
Library format of TAM:
http://cwe.mitre.org/
Vulnerabilities that looks oddly similar to what I see in the Attack
Library format of TAM:
http://cwe.mitre.org/
If you open up their XML file (http://cwe.mitre.org/data/other.html)
there's enough similarities in fields or the data they contain that it
makes me wonder:
(a) was the default Attack Library data based off the Mitre CWE data?
(b) has anyone considered integrating the Mitre CWE data into the TAM
Attack Library data?
(c) does anyone have an XSLT that would transform the latest version
of the CWE XML into a form suitable for enhancing the Attack Library
data we already have?
I haven't dug into the schema in detail, but my gut says it's at least
worth a look. Now, who has the time to take a crack at this?
Cheers, Mike
Reply all
Reply to author
Forward
0 new messages