From e1a1d055a9edd9a149134382242f1add995b30bb Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 30 Aug 2024 09:27:41 +0200
Subject: [PATCH 1/3] new: [vulnerability] first version of a taxonomy for
 vulnerabilities

This taxonomy is originally maintained by MISP project and done
for the vulnerability-lookup project

https://github.com/cve-search/vulnerability-lookup

The taxonomy will be extended and improved. Contributions are also
very welcome.

Thanks to @cedricbonhomme for the original discussions.
---
 vulnerability/machinetag.json | 66 +++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 vulnerability/machinetag.json

diff --git a/vulnerability/machinetag.json b/vulnerability/machinetag.json
new file mode 100644
index 0000000..8aa398d
--- /dev/null
+++ b/vulnerability/machinetag.json
@@ -0,0 +1,66 @@
+{
+  "namespace": "vulnerability",
+  "expanded": "vulnerability",
+  "description": "A taxonomy for describing vulnerabilities (software, hardware, or social) on different scales or with additional available information.",
+  "version": 1,
+  "predicates": [
+    {
+      "value": "exploitability",
+      "expanded": "Exploitability",
+      "description": "Quantification of attack exploitability, providing a level of exploitation for the identified vulnerability.",
+      "exclusive": true
+    },
+    {
+      "value": "information",
+      "expanded": "Information",
+      "description": "Complementary information related to the vulnerability."
+    }
+  ],
+  "values": [
+    {
+      "predicate": "exploitability",
+      "entry": [
+        {
+          "value": "industrialised",
+          "expanded": "Industrialised",
+          "description": "Existing vulnerability with detailed attack methods; multiple tools are available for exploitation."
+        },
+        {
+          "value": "customised",
+          "expanded": "Customised",
+          "description": "Existing vulnerability with a detailed attack approach and one known custom tool available for exploitation."
+        },
+        {
+          "value": "documented",
+          "expanded": "Documented",
+          "description": "Existing vulnerability is documented with an attack approach, but tools for exploitation are not available."
+        },
+        {
+          "value": "theoretical",
+          "expanded": "Theoretical",
+          "description": "Publication describes a theoretical but no actual vulnerability is reported."
+        }
+      ]
+    },
+    {
+      "predicate": "information",
+      "entry": [
+        {
+          "value": "PoC",
+          "expanded": "Proof-of-Concept",
+          "description": "Reference to a proof-of-concept for exploiting the vulnerability."
+        },
+        {
+          "value": "remediation",
+          "expanded": "Remediation",
+          "description": "Remediation to limit or block the exploitability of the vulnerability."
+        },
+        {
+          "value": "annotation",
+          "expanded": "Annotation",
+          "description": "Annotation or clarification to a vulnerability."
+        }
+      ]
+    }
+  ]
+}

From 220c5637975d0fec7e1ca73c24dee1e7e751ce6c Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 30 Aug 2024 09:31:29 +0200
Subject: [PATCH 2/3] chg: [MANIFEST] updated

---
 MANIFEST.json | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/MANIFEST.json b/MANIFEST.json
index 2c7df46..f520aca 100644
--- a/MANIFEST.json
+++ b/MANIFEST.json
@@ -501,7 +501,7 @@
     {
       "description": "Classification based on different categories. Based on https://www.sans.org/reading-room/whitepapers/incident/malware-101-viruses-32848",
       "name": "malware_classification",
-      "version": 2
+      "version": 3
     },
     {
       "description": "classification for the identification of type of misinformation among websites. Source:False, Misleading, Clickbait-y, and/or Satirical News Sources by Melissa Zimdars 2019",
@@ -511,7 +511,7 @@
     {
       "description": "MISP taxonomy to infer with MISP behavior or operation.",
       "name": "misp",
-      "version": 12
+      "version": 14
     },
     {
       "description": "MISP workflow taxonomy to support result of workflow execution.",
@@ -748,12 +748,17 @@
       "name": "vocabulaire-des-probabilites-estimatives",
       "version": 3
     },
+    {
+      "description": "A taxonomy for describing vulnerabilities (software, hardware, or social) on different scales or with additional available information.",
+      "name": "vulnerability",
+      "version": 1
+    },
     {
       "description": "Workflow support language is a common language to support intelligence analysts to perform their analysis on data and information.",
       "name": "workflow",
-      "version": 12
+      "version": 14
     }
   ],
   "url": "https://raw.githubusercontent.com/MISP/misp-taxonomies/main/",
-  "version": "20240304"
+  "version": "20240830"
 }

From f467e5efe3a0fa4a980255f2b84a804e7e01f49e Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy <a@foo.be>
Date: Fri, 30 Aug 2024 09:44:05 +0200
Subject: [PATCH 3/3] fix: [tools] path fixed

---
 tools/gen.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/gen.sh b/tools/gen.sh
index f2586a2..0e55f0f 100644
--- a/tools/gen.sh
+++ b/tools/gen.sh
@@ -1,7 +1,7 @@
 python3 machinetag.py -a >a.txt
 asciidoctor a.txt
 asciidoctor-pdf -a allow-uri-read  a.txt
-cp a.html ../../misp-website-new/static/taxonomies.html
-cp a.pdf ../../misp-website-new/static/taxonomies.pdf
+cp a.html ../../misp-website/static/taxonomies.html
+cp a.pdf ../../misp-website/static/taxonomies.pdf
 scp a.html circl@cpab.circl.lu:/var/www/nwww.circl.lu/doc/misp-taxonomies/index.html
 scp a.pdf circl@cpab.circl.lu://var/www/nwww.circl.lu/doc/misp-taxonomies/taxonomies.pdf