diff --git a/data/json/decision_points/safety_impact_1_0_0.json b/data/json/decision_points/safety_impact_1_0_0.json index 3ca63485..f76474e1 100644 --- a/data/json/decision_points/safety_impact_1_0_0.json +++ b/data/json/decision_points/safety_impact_1_0_0.json 
@@ -13,7 +13,7 @@ { "key": "M", "name": "Minor", - "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." + "description": "Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons." }, { "key": "J", diff --git a/docs/_generated/decision_points/automatable_2_0_0.md b/docs/_generated/decision_points/automatable_2_0_0.md index 96befcd5..556c059c 100644 --- a/docs/_generated/decision_points/automatable_2_0_0.md 
+++ b/docs/_generated/decision_points/automatable_2_0_0.md @@ -1,17 +1,17 @@ !!! note "Automatable v2.0.0" - === "Text" - - Can an attacker reliably automate creating exploitation events for this vulnerability? +=== "Text" + + Can an attacker reliably automate creating exploitation events for this vulnerability? | Value | Definition | |:-----|:-----------| | No | Attackers cannot reliably automate steps 1-4 of the kill chain for this vulnerability. These steps are (1) reconnaissance, (2) weaponization, (3) delivery, and (4) exploitation. | | Yes | Attackers can reliably automate steps 1-4 of the kill chain. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/automatable_2_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/automatable_2_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/exploitation_1_0_0.md b/docs/_generated/decision_points/exploitation_1_0_0.md index 1b07d383..110f2ec9 100644 --- a/docs/_generated/decision_points/exploitation_1_0_0.md +++ b/docs/_generated/decision_points/exploitation_1_0_0.md 
@@ -1,18 +1,18 @@ !!! note "Exploitation v1.0.0" - === "Text" - - The present state of exploitation of the vulnerability. +=== "Text" + + The present state of exploitation of the vulnerability. | Value | Definition | |:-----|:-----------| | None | There is no evidence of active exploitation and no public proof of concept (PoC) of how to exploit the vulnerability. | | PoC | One of the following cases is true: (1) private evidence of exploitation is attested but not shared; (2) widespread hearsay attests to exploitation; (3) typical public PoC in places such as Metasploit or ExploitDB; or (4) the vulnerability has a well-known method of exploitation. | | Active | Shared, observable, reliable evidence that the exploit is being used in the wild by real attackers; there is credible public reporting. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/exploitation_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/exploitation_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/human_impact_1_0_0.md b/docs/_generated/decision_points/human_impact_1_0_0.md index 9aac5149..1977e42b 100644 --- a/docs/_generated/decision_points/human_impact_1_0_0.md +++ b/docs/_generated/decision_points/human_impact_1_0_0.md @@ -1,9 +1,9 @@ !!! note "Human Impact v1.0.0" - === "Text" - - Human Impact is a combination of Safety and Mission impacts. +=== "Text" + + Human Impact is a combination of Safety and Mission impacts. | Value | Definition | |:-----|:-----------| 
@@ -11,9 +11,9 @@ | Medium | Safety=None/Minor, Mission=MEF Failure OR Safety=Major, Mission=None/Degraded/Crippled | | High | Safety=Hazardous, Mission=None/Degraded/Crippled/MEF Failure OR Safety=Major, Mission=MEF Failure | | Very High | Safety=Catastrophic OR Mission=Mission Failure | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/human_impact_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/human_impact_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/mission_impact_1_0_0.md b/docs/_generated/decision_points/mission_impact_1_0_0.md index 3b8f858a..d62654cb 100644 --- a/docs/_generated/decision_points/mission_impact_1_0_0.md +++ b/docs/_generated/decision_points/mission_impact_1_0_0.md @@ -1,9 +1,9 @@ !!! note "Mission Impact v1.0.0" - === "Text" - - Impact on Mission Essential Functions of the Organization +=== "Text" + + Impact on Mission Essential Functions of the Organization | Value | Definition | |:-----|:-----------| @@ -12,9 +12,9 @@ | MEF Support Crippled | Activities that directly support essential functions are crippled; essential functions continue for a time | | MEF Failure | Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time | | Mission Failure | Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/mission_impact_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/mission_impact_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/mission_impact_2_0_0.md b/docs/_generated/decision_points/mission_impact_2_0_0.md index 72aa323f..87e095a0 100644 --- a/docs/_generated/decision_points/mission_impact_2_0_0.md 
+++ b/docs/_generated/decision_points/mission_impact_2_0_0.md @@ -1,9 +1,9 @@ !!! note "Mission Impact v2.0.0" - === "Text" - - Impact on Mission Essential Functions of the Organization +=== "Text" + + Impact on Mission Essential Functions of the Organization | Value | Definition | |:-----|:-----------| @@ -11,9 +11,9 @@ | MEF Support Crippled | Activities that directly support essential functions are crippled; essential functions continue for a time | | MEF Failure | Any one mission essential function fails for period of time longer than acceptable; overall mission of the organization degraded but can still be accomplished for a time | | Mission Failure | Multiple or all mission essential functions fail; ability to recover those functions degraded; organization’s ability to deliver its overall mission fails | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/mission_impact_2_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/mission_impact_2_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/public_safety_impact_1_0_0.md b/docs/_generated/decision_points/public_safety_impact_1_0_0.md index 80b78d99..8ebf7b03 100644 --- a/docs/_generated/decision_points/public_safety_impact_1_0_0.md +++ b/docs/_generated/decision_points/public_safety_impact_1_0_0.md @@ -1,17 +1,17 @@ !!! note "Public Safety Impact v1.0.0" - === "Text" - - A coarse-grained representation of impact to public safety. +=== "Text" + + A coarse-grained representation of impact to public safety. | Value | Definition | |:-----|:-----------| | Minimal | Safety impact of None or Minor. | | Significant | Safety impact of Major, Hazardous, or Catastrophic. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/public_safety_impact_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/public_safety_impact_1_0_0.json" %} + ``` 
diff --git a/docs/_generated/decision_points/public_value_added_1_0_0.md b/docs/_generated/decision_points/public_value_added_1_0_0.md index 9f315564..763efa67 100644 --- a/docs/_generated/decision_points/public_value_added_1_0_0.md +++ b/docs/_generated/decision_points/public_value_added_1_0_0.md @@ -1,18 +1,18 @@ !!! note "Public Value Added v1.0.0" - === "Text" - - How much value would a publication from the coordinator benefit the broader community? +=== "Text" + + How much value would a publication from the coordinator benefit the broader community? | Value | Definition | |:-----|:-----------| | Precedence | The publication would be the first publicly available, or be coincident with the first publicly available. | | Ampliative | Amplifies and/or augments the existing public information about the vulnerability, for example, adds additional detail, addresses or corrects errors in other public information, draws further attention to the vulnerability, etc. | | Limited | Minimal value added to the existing public information because existing information is already high quality and in multiple outlets. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/public_value_added_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/public_value_added_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/report_credibility_1_0_0.md b/docs/_generated/decision_points/report_credibility_1_0_0.md index 7494a7b1..bdd17e2a 100644 --- a/docs/_generated/decision_points/report_credibility_1_0_0.md +++ b/docs/_generated/decision_points/report_credibility_1_0_0.md 
@@ -1,17 +1,17 @@ !!! note "Report Credibility v1.0.0" - === "Text" - - Is the report credible? +=== "Text" + + Is the report credible? | Value | Definition | |:-----|:-----------| | Credible | The report is credible. | | Not Credible | The report is not credible. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/report_credibility_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/report_credibility_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/report_public_1_0_0.md b/docs/_generated/decision_points/report_public_1_0_0.md index 80bee355..08fa7f61 100644 --- a/docs/_generated/decision_points/report_public_1_0_0.md +++ b/docs/_generated/decision_points/report_public_1_0_0.md @@ -1,17 +1,17 @@ !!! note "Report Public v1.0.0" - === "Text" - - Is a viable report of the details of the vulnerability already publicly available? +=== "Text" + + Is a viable report of the details of the vulnerability already publicly available? | Value | Definition | |:-----|:-----------| | No | No public report of the vulnerability exists. | | Yes | A public report of the vulnerability exists. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/report_public_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/report_public_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/safety_impact_1_0_0.md b/docs/_generated/decision_points/safety_impact_1_0_0.md index fa7b4c24..d10c5c75 100644 --- a/docs/_generated/decision_points/safety_impact_1_0_0.md +++ b/docs/_generated/decision_points/safety_impact_1_0_0.md 
@@ -1,20 +1,20 @@ !!! note "Safety Impact v1.0.0" - === "Text" - - The safety impact of the vulnerability. +=== "Text" + + The safety impact of the vulnerability. | Value | Definition | |:-----|:-----------| | None | The effect is below the threshold for all aspects described in Minor. | - | Minor | Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons. | + | Minor | Any one or more of these conditions hold. Physical harm: Physical discomfort for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be well within expected operator abilities; OR causes a minor occupational safety hazard. System resiliency: Small reduction in built-in system safety margins; OR small reduction in system functional capabilities that support safe operation. Environment: Minor externalities (property damage, environmental damage, etc.) imposed on other parties. Financial Financial losses, which are not readily absorbable, to multiple persons. Psychological: Emotional or psychological harm, sufficient to be cause for counselling or therapy, to multiple persons. 
| | Major | Any one or more of these conditions hold. Physical harm: Physical distress and injuries for users (not operators) of the system. Operator resiliency: Requires action by system operator to maintain safe system state as a result of exploitation of the vulnerability where operator actions would be within their capabilities but the actions require their full attention and effort; OR significant distraction or discomfort to operators; OR causes significant occupational safety hazard. System resiliency: System safety margin effectively eliminated but no actual harm; OR failure of system functional capabilities that support safe operation. Environment: Major externalities (property damage, environmental damage, etc.) imposed on other parties. Financial: Financial losses that likely lead to bankruptcy of multiple persons. Psychological: Widespread emotional or psychological harm, sufficient to be cause for counselling or therapy, to populations of people. | | Hazardous | Any one or more of these conditions hold. Physical harm: Serious or fatal injuries, where fatalities are plausibly preventable via emergency services or other measures. Operator resiliency: Actions that would keep the system in a safe state are beyond system operator capabilities, resulting in adverse conditions; OR great physical distress to system operators such that they cannot be expected to operate the system properly. System resiliency: Parts of the cyber-physical system break; system’s ability to recover lost functionality remains intact. Environment: Serious externalities (threat to life as well as property, widespread environmental damage, measurable public health risks, etc.) imposed on other parties. Financial: Socio-technical system (elections, financial grid, etc.) of which the affected component is a part is actively destabilized and enters unsafe state. Psychological: N/A. | | Catastrophic | Any one or more of these conditions hold. 
Physical harm: Multiple immediate fatalities (Emergency response probably cannot save the victims.) Operator resiliency: Operator incapacitated (includes fatality or otherwise incapacitated). System resiliency: Total loss of whole cyber-physical system, of which the software is a part. Environment: Extreme externalities (immediate public health threat, environmental damage leading to small ecosystem collapse, etc.) imposed on other parties. Financial: Social systems (elections, financial grid, etc.) supported by the software collapse. Psychological: N/A. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/safety_impact_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/safety_impact_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/supplier_cardinality_1_0_0.md b/docs/_generated/decision_points/supplier_cardinality_1_0_0.md index 9dbdc154..f97d975b 100644 --- a/docs/_generated/decision_points/supplier_cardinality_1_0_0.md +++ b/docs/_generated/decision_points/supplier_cardinality_1_0_0.md @@ -1,17 +1,17 @@ !!! note "Supplier Cardinality v1.0.0" - === "Text" - - How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan? +=== "Text" + + How many suppliers are responsible for the vulnerable component and its remediation or mitigation plan? | Value | Definition | |:-----|:-----------| | One | There is only one supplier of the vulnerable component. | | Multiple | There are multiple suppliers of the vulnerable component. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/supplier_cardinality_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/supplier_cardinality_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/supplier_contacted_1_0_0.md b/docs/_generated/decision_points/supplier_contacted_1_0_0.md index aff63ba8..59bf4f88 100644 
--- a/docs/_generated/decision_points/supplier_contacted_1_0_0.md +++ b/docs/_generated/decision_points/supplier_contacted_1_0_0.md @@ -1,17 +1,17 @@ !!! note "Supplier Contacted v1.0.0" - === "Text" - - Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method? +=== "Text" + + Has the reporter made a good-faith effort to contact the supplier of the vulnerable component using a quality contact method? | Value | Definition | |:-----|:-----------| | No | The supplier has not been contacted. | | Yes | The supplier has been contacted. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/supplier_contacted_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/supplier_contacted_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/supplier_engagement_1_0_0.md b/docs/_generated/decision_points/supplier_engagement_1_0_0.md index 2d3d9d18..d1a27030 100644 --- a/docs/_generated/decision_points/supplier_engagement_1_0_0.md +++ b/docs/_generated/decision_points/supplier_engagement_1_0_0.md @@ -1,17 +1,17 @@ !!! note "Supplier Engagement v1.0.0" - === "Text" - - Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort? +=== "Text" + + Is the supplier responding to the reporter’s contact effort and actively participating in the coordination effort? | Value | Definition | |:-----|:-----------| | Active | The supplier is responding to the reporter’s contact effort and actively participating in the coordination effort. | | Unresponsive | The supplier is not responding to the reporter’s contact effort and not actively participating in the coordination effort. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/supplier_engagement_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/supplier_engagement_1_0_0.json" %} + ``` 
diff --git a/docs/_generated/decision_points/supplier_involvement_1_0_0.md b/docs/_generated/decision_points/supplier_involvement_1_0_0.md index 3e7504b2..b1e27622 100644 --- a/docs/_generated/decision_points/supplier_involvement_1_0_0.md +++ b/docs/_generated/decision_points/supplier_involvement_1_0_0.md @@ -1,18 +1,18 @@ !!! note "Supplier Involvement v1.0.0" - === "Text" - - What is the state of the supplier’s work on addressing the vulnerability? +=== "Text" + + What is the state of the supplier’s work on addressing the vulnerability? | Value | Definition | |:-----|:-----------| | Fix Ready | The supplier has provided a patch or fix. | | Cooperative | The supplier is actively generating a patch or fix; they may or may not have provided a mitigation or work-around in the mean time. | | Uncooperative/Unresponsive | The supplier has not responded, declined to generate a remediation, or no longer exists. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/supplier_involvement_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/supplier_involvement_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/system_exposure_1_0_0.md b/docs/_generated/decision_points/system_exposure_1_0_0.md index 4c6e977c..7a7c994b 100644 --- a/docs/_generated/decision_points/system_exposure_1_0_0.md +++ b/docs/_generated/decision_points/system_exposure_1_0_0.md 
@@ -1,18 +1,18 @@ !!! note "System Exposure v1.0.0" - === "Text" - - The Accessible Attack Surface of the Affected System or Service +=== "Text" + + The Accessible Attack Surface of the Affected System or Service | Value | Definition | |:-----|:-----------| | Small | Local service or program; highly controlled network | | Controlled | Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small. | | Unavoidable | Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers) | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/system_exposure_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/system_exposure_1_0_0.json" %} + ``` diff --git a/docs/_generated/decision_points/system_exposure_1_0_1.md b/docs/_generated/decision_points/system_exposure_1_0_1.md index 234fa98a..cb4286dc 100644 --- a/docs/_generated/decision_points/system_exposure_1_0_1.md +++ b/docs/_generated/decision_points/system_exposure_1_0_1.md 
@@ -1,18 +1,18 @@ !!! note "System Exposure v1.0.1" - === "Text" - - The Accessible Attack Surface of the Affected System or Service +=== "Text" + + The Accessible Attack Surface of the Affected System or Service | Value | Definition | |:-----|:-----------| | Small | Local service or program; highly controlled network | | Controlled | Networked service with some access restrictions or mitigations already in place (whether locally or on the network). A successful mitigation must reliably interrupt the adversary’s attack, which requires the attack is detectable both reliably and quickly enough to respond. Controlled covers the situation in which a vulnerability can be exploited through chaining it with other vulnerabilities. The assumption is that the number of steps in the attack path is relatively low; if the path is long enough that it is implausible for an adversary to reliably execute it, then exposure should be small. | | Open | Internet or another widely accessible network where access cannot plausibly be restricted or controlled (e.g., DNS servers, web servers, VOIP servers, email servers) | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/system_exposure_1_0_1.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/system_exposure_1_0_1.json" %} + ``` diff --git a/docs/_generated/decision_points/technical_impact_1_0_0.md b/docs/_generated/decision_points/technical_impact_1_0_0.md index 7c95d68f..3cf36557 100644 --- a/docs/_generated/decision_points/technical_impact_1_0_0.md +++ b/docs/_generated/decision_points/technical_impact_1_0_0.md 
@@ -5,11 +5,11 @@ The technical impact of the vulnerability. - | Value | Definition | - |:-----|:-----------| - | Partial | The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control. | - | Total | The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability. | - + | Value | Definition | + |:-----|:-----------| + | Partial | The exploit gives the adversary limited control over, or information exposure about, the behavior of the software that contains the vulnerability. Or the exploit gives the adversary an importantly low stochastic opportunity for total control. | + | Total | The exploit gives the adversary total control over the behavior of the software, or it gives total disclosure of all information on the system that contains the vulnerability. | + === "JSON" ```json diff --git a/docs/_generated/decision_points/utility_1_0_0.md b/docs/_generated/decision_points/utility_1_0_0.md index ad2c9515..94744ef5 100644 --- a/docs/_generated/decision_points/utility_1_0_0.md +++ b/docs/_generated/decision_points/utility_1_0_0.md @@ -1,18 +1,18 @@ !!! note "Utility v1.0.0" - === "Text" - - The Usefulness of the Exploit to the Adversary +=== "Text" + + The Usefulness of the Exploit to the Adversary | Value | Definition | |:-----|:-----------| | Laborious | Slow virulence and diffuse value | | Efficient | Rapid virulence and diffuse value OR Slow virulence and concentrated value | | Super Effective | Rapid virulence and concentrated value | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/utility_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/utility_1_0_0.json" %} + ``` 
diff --git a/docs/_generated/decision_points/utility_1_0_1.md b/docs/_generated/decision_points/utility_1_0_1.md index 5051791c..a04d062d 100644 --- a/docs/_generated/decision_points/utility_1_0_1.md +++ b/docs/_generated/decision_points/utility_1_0_1.md @@ -1,18 +1,18 @@ !!! note "Utility v1.0.1" - === "Text" - - The Usefulness of the Exploit to the Adversary +=== "Text" + + The Usefulness of the Exploit to the Adversary | Value | Definition | |:-----|:-----------| | Laborious | No to automatable and diffuse value | | Efficient | Yes to automatable and diffuse value OR No to automatable and concentrated value | | Super Effective | Yes to automatable and concentrated value | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/utility_1_0_1.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/utility_1_0_1.json" %} + ``` diff --git a/docs/_generated/decision_points/value_density_1_0_0.md b/docs/_generated/decision_points/value_density_1_0_0.md index c1351297..3f9ec42b 100644 --- a/docs/_generated/decision_points/value_density_1_0_0.md +++ b/docs/_generated/decision_points/value_density_1_0_0.md @@ -1,17 +1,17 @@ !!! note "Value Density v1.0.0" - === "Text" - - The concentration of value in the target +=== "Text" + + The concentration of value in the target | Value | Definition | |:-----|:-----------| | Diffuse | The system that contains the vulnerable component has limited resources. That is, the resources that the adversary will gain control over with a single exploitation event are relatively small. | | Concentrated | The system that contains the vulnerable component is rich in resources. Heuristically, such systems are often the direct responsibility of “system operators” rather than users. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/value_density_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/value_density_1_0_0.json" %} + ``` 
diff --git a/docs/_generated/decision_points/virulence_1_0_0.md b/docs/_generated/decision_points/virulence_1_0_0.md index 63e7497f..db3df78d 100644 --- a/docs/_generated/decision_points/virulence_1_0_0.md +++ b/docs/_generated/decision_points/virulence_1_0_0.md @@ -1,17 +1,17 @@ !!! note "Virulence v1.0.0" - === "Text" - - The speed at which the vulnerability can be exploited. +=== "Text" + + The speed at which the vulnerability can be exploited. | Value | Definition | |:-----|:-----------| | Slow | Steps 1-4 of the kill chain cannot be reliably automated for this vulnerability for some reason. These steps are reconnaissance, weaponization, delivery, and exploitation. | | Rapid | Steps 1-4 of the of the kill chain can be reliably automated. If the vulnerability allows remote code execution or command injection, the default response should be rapid. | - - === "JSON" - ```json - {% include "../../../data/json/decision_points/virulence_1_0_0.json" %} - ``` +=== "JSON" + + ```json + {% include "../../../data/json/decision_points/virulence_1_0_0.json" %} + ``` diff --git a/src/ssvc/doctools.py b/src/ssvc/doctools.py index 6ea50a53..bfefc05b 100644 --- a/src/ssvc/doctools.py +++ b/src/ssvc/doctools.py @@ -59,15 +59,15 @@ def _filename_friendly(name: str) -> str: MD_INCLUDE_TEMPLATE = """ !!! note "{dp.name} v{dp.version}" - === "Text" - - {table} - - === "JSON" +=== "Text" + + {table} - ```json - {{% include "{json_file}" %}} - ``` +=== "JSON" + + ```json + {{% include "{json_file}" %}} + ``` """
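Review bot: The label fix in the Minor description of data/json/decision_points/safety_impact_1_0_0.json is incomplete. The new text adds the colon after "Environment" but still reads "Financial Financial losses, which are not readily absorbable", with no colon after the "Financial" label. The Major, Hazardous and Catastrophic rows in docs/_generated/decision_points/safety_impact_1_0_0.md all use "Financial:", so add the colon in the JSON and regenerate the markdown row in this same change.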
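Review bot: In MD_INCLUDE_TEMPLATE in src/ssvc/doctools.py, the new === "Text" and === "JSON" lines sit flush left directly under the !!! note "{dp.name} v{dp.version}" line, so the admonition no longer has an indented body. An admonition only contains the lines indented beneath it, which means the tabs now render as siblings after a note box that carries a title and nothing else. If the note wrapper is no longer wanted, drop the !!! note line from the template. If it is wanted, keep the tab markers indented under it. Either way, say which in the commit message, since every file under docs/_generated inherits this layout.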
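Review bot: The docs/_generated/decision_points/technical_impact_1_0_0.md hunk does not have the same shape as the other generated files. It starts at @@ -5,11 +5,11, changes only whitespace on the table rows, and leaves === "JSON" as an unchanged context line, while every other file has its === "Text" and === "JSON" lines rewritten. These files are generated, so regenerate all of them from the updated template in one run rather than touching them individually, and confirm this file ends up with the same layout as the rest.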
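Review bot: The Rapid row in docs/_generated/decision_points/virulence_1_0_0.md still reads "Steps 1-4 of the of the kill chain", with a doubled "of the" carried through as unchanged context. This patch already corrects description text elsewhere (the "Environment:" fix), so correct this one too, in the JSON the page includes (../../../data/json/decision_points/virulence_1_0_0.json), and regenerate the markdown.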