This reposiory is a collection of security keywords that have been extracted from relevant security sources (such as the CWE, OWASP, CVE, RFC 4949). Our efforts also include dividing these keywords into four categories of asset, attack/threat, control/mitigation, and implicit categories. We believe there are interesting use cases that can be built on top of these categories.
- Asset/Personally Identifiable Information (PII),
- Threat (terms related to threats, attacks and vulnerabilities),
- Control (terms related to implemented security controls or countermeasures/mitigations), and
- Implicit/Indirect (terms that are indirectly related to security and not in the above 3 categories).
Current application of these terms can be found in the classification model we built for identifying security messages: https://marketplace.atlassian.com/plugins/no.tosin.oyetoyan.plugins.jirasecplugin/server/overview and https://bitbucket.org/ootos/jirasecplugin
We envisage further use cases such as:
- Risk estimations
- Data-Driven Security Board Games
- Attack Tree generation from unstructured data sources
If you find this useful, please send me a mail at: "tosin.oyetoyan@gmail.com" and you are very much welcome to contribute to the keywords :-)