Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

exploited always true #912

Open
ilans opened this issue Nov 13, 2024 · 1 comment
Open

exploited always true #912

ilans opened this issue Nov 13, 2024 · 1 comment
Labels
Profile:Security Security Profile and related matters RDF/OWL/SHACL RDF graph, schema, ontology, constraint
Milestone
3.1

Comments

@ilans
Copy link
Collaborator

ilans commented Nov 13, 2024

From /Security/exploited:
"This field is set when a CVE is listed in an exploit catalog."

But it is mandatory in ExploitCatalogVulnAssessmentRelationship together with catalogType and locator.

So isn’t it always true?...

In that case, I don't understand why this field even exists.
Should I add a SHACL rule to enforce always true?
@bact bact added the Profile:Security Security Profile and related matters label Nov 13, 2024
@bact bact added this to the 3.0.1 milestone Nov 13, 2024
@bact bact added the RDF/OWL/SHACL RDF graph, schema, ontology, constraint label Nov 13, 2024
@zvr zvr changed the title [SHACL] exploited always true exploited always true Nov 13, 2024
@goneall
Copy link
Member

goneall commented Nov 14, 2024

@rnjudge @tsteenbe - any thoughts on this one?

If we do decide to drop the field, I suggest we deprecate it in 3.1 and remove it in 4.0. I'm thinking, however, the description may need to be updated.

@goneall goneall modified the milestones: 3.0.1, 3.1 Nov 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Profile:Security Security Profile and related matters RDF/OWL/SHACL RDF graph, schema, ontology, constraint
Projects
None yet
Milestone
3.1
Development

No branches or pull requests
3 participants
@bact @goneall @ilans