@blamejs/exceptd-skills 0.12.25 → 0.12.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (24) hide show
  1. package/CHANGELOG.md +44 -0
  2. package/data/_indexes/_meta.json +19 -18
  3. package/data/_indexes/activity-feed.json +11 -4
  4. package/data/_indexes/catalog-summaries.json +4 -4
  5. package/data/_indexes/chains.json +241 -6
  6. package/data/_indexes/currency.json +10 -1
  7. package/data/_indexes/frequency.json +170 -55
  8. package/data/_indexes/handoff-dag.json +4 -0
  9. package/data/_indexes/jurisdiction-map.json +23 -12
  10. package/data/_indexes/section-offsets.json +94 -0
  11. package/data/_indexes/stale-content.json +14 -2
  12. package/data/_indexes/summary-cards.json +54 -0
  13. package/data/_indexes/token-budget.json +58 -3
  14. package/data/_indexes/trigger-table.json +66 -0
  15. package/data/_indexes/xref.json +58 -8
  16. package/data/atlas-ttps.json +37 -0
  17. package/data/framework-control-gaps.json +162 -0
  18. package/data/rfc-references.json +2 -1
  19. package/manifest-snapshot.json +68 -2
  20. package/manifest-snapshot.sha256 +1 -1
  21. package/manifest.json +126 -40
  22. package/package.json +1 -1
  23. package/sbom.cdx.json +7 -7
  24. package/skills/sector-telecom/skill.md +259 -0
package/data/_indexes/frequency.json CHANGED
@@ -125,11 +125,12 @@
125
125
  ]
126
126
  },
127
127
  "CWE-918": {
128
- "count": 4,
128
+ "count": 5,
129
129
  "skills": [
130
130
  "api-security",
131
131
  "attack-surface-pentest",
132
132
  "mcp-agent-trust",
133
+ "sector-telecom",
133
134
  "webapp-security"
134
135
  ]
135
136
  },
@@ -244,7 +245,7 @@
244
245
  ]
245
246
  },
246
247
  "CWE-287": {
247
- "count": 9,
248
+ "count": 10,
248
249
  "skills": [
249
250
  "age-gates-child-safety",
250
251
  "api-security",
@@ -254,15 +255,17 @@
254
255
  "sector-energy",
255
256
  "sector-financial",
256
257
  "sector-healthcare",
258
+ "sector-telecom",
257
259
  "webapp-security"
258
260
  ]
259
261
  },
260
262
  "CWE-306": {
261
- "count": 3,
263
+ "count": 4,
262
264
  "skills": [
263
265
  "identity-assurance",
264
266
  "ot-ics-security",
265
- "sector-energy"
267
+ "sector-energy",
268
+ "sector-telecom"
266
269
  ]
267
270
  },
268
271
  "CWE-798": {
@@ -340,25 +343,27 @@
340
343
  ]
341
344
  },
342
345
  "D3-IOPR": {
343
- "count": 6,
346
+ "count": 7,
344
347
  "skills": [
345
348
  "ai-attack-surface",
346
349
  "ai-c2-detection",
347
350
  "defensive-countermeasure-mapping",
348
351
  "dlp-gap-analysis",
349
352
  "fuzz-testing-strategy",
350
- "rag-pipeline-security"
353
+ "rag-pipeline-security",
354
+ "sector-telecom"
351
355
  ]
352
356
  },
353
357
  "D3-NTA": {
354
- "count": 6,
358
+ "count": 7,
355
359
  "skills": [
356
360
  "ai-attack-surface",
357
361
  "ai-c2-detection",
358
362
  "attack-surface-pentest",
359
363
  "defensive-countermeasure-mapping",
360
364
  "dlp-gap-analysis",
361
- "rag-pipeline-security"
365
+ "rag-pipeline-security",
366
+ "sector-telecom"
362
367
  ]
363
368
  },
364
369
  "D3-CBAN": {
@@ -410,18 +415,20 @@
410
415
  ]
411
416
  },
412
417
  "D3-NI": {
413
- "count": 2,
418
+ "count": 3,
414
419
  "skills": [
415
420
  "ai-c2-detection",
416
- "defensive-countermeasure-mapping"
421
+ "defensive-countermeasure-mapping",
422
+ "sector-telecom"
417
423
  ]
418
424
  },
419
425
  "D3-NTPM": {
420
- "count": 3,
426
+ "count": 4,
421
427
  "skills": [
422
428
  "ai-c2-detection",
423
429
  "defensive-countermeasure-mapping",
424
- "dlp-gap-analysis"
430
+ "dlp-gap-analysis",
431
+ "sector-telecom"
425
432
  ]
426
433
  },
427
434
  "D3-FE": {
@@ -834,6 +841,60 @@
834
841
  "ot-ics-security",
835
842
  "sector-energy"
836
843
  ]
844
+ },
845
+ "FCC-CPNI-4.1": {
846
+ "count": 1,
847
+ "skills": [
848
+ "sector-telecom"
849
+ ]
850
+ },
851
+ "FCC-Cyber-Incident-Notification-2024": {
852
+ "count": 1,
853
+ "skills": [
854
+ "sector-telecom"
855
+ ]
856
+ },
857
+ "NIS2-Annex-I-Telecom": {
858
+ "count": 1,
859
+ "skills": [
860
+ "sector-telecom"
861
+ ]
862
+ },
863
+ "DORA-Art-21-Telecom-ICT": {
864
+ "count": 1,
865
+ "skills": [
866
+ "sector-telecom"
867
+ ]
868
+ },
869
+ "UK-CAF-B5": {
870
+ "count": 1,
871
+ "skills": [
872
+ "sector-telecom"
873
+ ]
874
+ },
875
+ "AU-ISM-1556": {
876
+ "count": 1,
877
+ "skills": [
878
+ "sector-telecom"
879
+ ]
880
+ },
881
+ "GSMA-NESAS-Deployment": {
882
+ "count": 1,
883
+ "skills": [
884
+ "sector-telecom"
885
+ ]
886
+ },
887
+ "3GPP-TR-33.926": {
888
+ "count": 1,
889
+ "skills": [
890
+ "sector-telecom"
891
+ ]
892
+ },
893
+ "ITU-T-X.805": {
894
+ "count": 1,
895
+ "skills": [
896
+ "sector-telecom"
897
+ ]
837
898
  }
838
899
  },
839
900
  "atlas_refs": {
@@ -930,6 +991,12 @@
930
991
  "ot-ics-security",
931
992
  "supply-chain-integrity"
932
993
  ]
994
+ },
995
+ "AML.T0040": {
996
+ "count": 1,
997
+ "skills": [
998
+ "sector-telecom"
999
+ ]
933
1000
  }
934
1001
  },
935
1002
  "attack_refs": {
@@ -964,7 +1031,7 @@
964
1031
  ]
965
1032
  },
966
1033
  "T1190": {
967
- "count": 12,
1034
+ "count": 13,
968
1035
  "skills": [
969
1036
  "ai-attack-surface",
970
1037
  "api-security",
@@ -977,6 +1044,7 @@
977
1044
  "sector-energy",
978
1045
  "sector-federal-government",
979
1046
  "sector-financial",
1047
+ "sector-telecom",
980
1048
  "webapp-security"
981
1049
  ]
982
1050
  },
@@ -997,9 +1065,10 @@
997
1065
  ]
998
1066
  },
999
1067
  "T1071": {
1000
- "count": 1,
1068
+ "count": 2,
1001
1069
  "skills": [
1002
- "ai-c2-detection"
1070
+ "ai-c2-detection",
1071
+ "sector-telecom"
1003
1072
  ]
1004
1073
  },
1005
1074
  "T1102": {
@@ -1021,7 +1090,7 @@
1021
1090
  ]
1022
1091
  },
1023
1092
  "T1078": {
1024
- "count": 10,
1093
+ "count": 11,
1025
1094
  "skills": [
1026
1095
  "age-gates-child-safety",
1027
1096
  "api-security",
@@ -1032,7 +1101,8 @@
1032
1101
  "incident-response-playbook",
1033
1102
  "sector-energy",
1034
1103
  "sector-financial",
1035
- "sector-healthcare"
1104
+ "sector-healthcare",
1105
+ "sector-telecom"
1036
1106
  ]
1037
1107
  },
1038
1108
  "T1567": {
@@ -1081,9 +1151,10 @@
1081
1151
  ]
1082
1152
  },
1083
1153
  "T1556": {
1084
- "count": 1,
1154
+ "count": 2,
1085
1155
  "skills": [
1086
- "identity-assurance"
1156
+ "identity-assurance",
1157
+ "sector-telecom"
1087
1158
  ]
1088
1159
  },
1089
1160
  "T1110": {
@@ -1119,6 +1190,18 @@
1119
1190
  "sector-financial"
1120
1191
  ]
1121
1192
  },
1193
+ "T1098": {
1194
+ "count": 1,
1195
+ "skills": [
1196
+ "sector-telecom"
1197
+ ]
1198
+ },
1199
+ "T1199": {
1200
+ "count": 1,
1201
+ "skills": [
1202
+ "sector-telecom"
1203
+ ]
1204
+ },
1122
1205
  "T1552": {
1123
1206
  "count": 1,
1124
1207
  "skills": [
@@ -1309,6 +1392,12 @@
1309
1392
  "skills": [
1310
1393
  "pqc-first"
1311
1394
  ]
1395
+ },
1396
+ "RFC-9622": {
1397
+ "count": 1,
1398
+ "skills": [
1399
+ "sector-telecom"
1400
+ ]
1312
1401
  }
1313
1402
  },
1314
1403
  "dlp_refs": {}
@@ -1317,7 +1406,7 @@
1317
1406
  "cwe_refs": [
1318
1407
  {
1319
1408
  "id": "CWE-287",
1320
- "count": 9,
1409
+ "count": 10,
1321
1410
  "skills": [
1322
1411
  "age-gates-child-safety",
1323
1412
  "api-security",
@@ -1327,6 +1416,7 @@
1327
1416
  "sector-energy",
1328
1417
  "sector-financial",
1329
1418
  "sector-healthcare",
1419
+ "sector-telecom",
1330
1420
  "webapp-security"
1331
1421
  ]
1332
1422
  },
@@ -1425,13 +1515,14 @@
1425
1515
  ]
1426
1516
  },
1427
1517
  {
1428
- "id": "CWE-1357",
1429
- "count": 4,
1518
+ "id": "CWE-918",
1519
+ "count": 5,
1430
1520
  "skills": [
1431
- "coordinated-vuln-disclosure",
1432
- "mlops-security",
1433
- "sector-federal-government",
1434
- "supply-chain-integrity"
1521
+ "api-security",
1522
+ "attack-surface-pentest",
1523
+ "mcp-agent-trust",
1524
+ "sector-telecom",
1525
+ "webapp-security"
1435
1526
  ]
1436
1527
  }
1437
1528
  ],
@@ -1450,41 +1541,53 @@
1450
1541
  ]
1451
1542
  },
1452
1543
  {
1453
- "id": "D3-CSPP",
1454
- "count": 6,
1544
+ "id": "D3-IOPR",
1545
+ "count": 7,
1455
1546
  "skills": [
1547
+ "ai-attack-surface",
1456
1548
  "ai-c2-detection",
1457
- "attack-surface-pentest",
1458
1549
  "defensive-countermeasure-mapping",
1459
1550
  "dlp-gap-analysis",
1460
- "mcp-agent-trust",
1461
- "rag-pipeline-security"
1551
+ "fuzz-testing-strategy",
1552
+ "rag-pipeline-security",
1553
+ "sector-telecom"
1462
1554
  ]
1463
1555
  },
1464
1556
  {
1465
- "id": "D3-IOPR",
1466
- "count": 6,
1557
+ "id": "D3-NTA",
1558
+ "count": 7,
1467
1559
  "skills": [
1468
1560
  "ai-attack-surface",
1469
1561
  "ai-c2-detection",
1562
+ "attack-surface-pentest",
1470
1563
  "defensive-countermeasure-mapping",
1471
1564
  "dlp-gap-analysis",
1472
- "fuzz-testing-strategy",
1473
- "rag-pipeline-security"
1565
+ "rag-pipeline-security",
1566
+ "sector-telecom"
1474
1567
  ]
1475
1568
  },
1476
1569
  {
1477
- "id": "D3-NTA",
1570
+ "id": "D3-CSPP",
1478
1571
  "count": 6,
1479
1572
  "skills": [
1480
- "ai-attack-surface",
1481
1573
  "ai-c2-detection",
1482
1574
  "attack-surface-pentest",
1483
1575
  "defensive-countermeasure-mapping",
1484
1576
  "dlp-gap-analysis",
1577
+ "mcp-agent-trust",
1485
1578
  "rag-pipeline-security"
1486
1579
  ]
1487
1580
  },
1581
+ {
1582
+ "id": "D3-NTPM",
1583
+ "count": 4,
1584
+ "skills": [
1585
+ "ai-c2-detection",
1586
+ "defensive-countermeasure-mapping",
1587
+ "dlp-gap-analysis",
1588
+ "sector-telecom"
1589
+ ]
1590
+ },
1488
1591
  {
1489
1592
  "id": "D3-CBAN",
1490
1593
  "count": 3,
@@ -1504,12 +1607,12 @@
1504
1607
  ]
1505
1608
  },
1506
1609
  {
1507
- "id": "D3-NTPM",
1610
+ "id": "D3-NI",
1508
1611
  "count": 3,
1509
1612
  "skills": [
1510
1613
  "ai-c2-detection",
1511
1614
  "defensive-countermeasure-mapping",
1512
- "dlp-gap-analysis"
1615
+ "sector-telecom"
1513
1616
  ]
1514
1617
  },
1515
1618
  {
@@ -1528,14 +1631,6 @@
1528
1631
  "defensive-countermeasure-mapping",
1529
1632
  "kernel-lpe-triage"
1530
1633
  ]
1531
- },
1532
- {
1533
- "id": "D3-CA",
1534
- "count": 2,
1535
- "skills": [
1536
- "ai-c2-detection",
1537
- "defensive-countermeasure-mapping"
1538
- ]
1539
1634
  }
1540
1635
  ],
1541
1636
  "framework_gaps": [
@@ -1753,12 +1848,19 @@
1753
1848
  "ai-attack-surface",
1754
1849
  "rag-pipeline-security"
1755
1850
  ]
1851
+ },
1852
+ {
1853
+ "id": "AML.T0040",
1854
+ "count": 1,
1855
+ "skills": [
1856
+ "sector-telecom"
1857
+ ]
1756
1858
  }
1757
1859
  ],
1758
1860
  "attack_refs": [
1759
1861
  {
1760
1862
  "id": "T1190",
1761
- "count": 12,
1863
+ "count": 13,
1762
1864
  "skills": [
1763
1865
  "ai-attack-surface",
1764
1866
  "api-security",
@@ -1771,12 +1873,13 @@
1771
1873
  "sector-energy",
1772
1874
  "sector-federal-government",
1773
1875
  "sector-financial",
1876
+ "sector-telecom",
1774
1877
  "webapp-security"
1775
1878
  ]
1776
1879
  },
1777
1880
  {
1778
1881
  "id": "T1078",
1779
- "count": 10,
1882
+ "count": 11,
1780
1883
  "skills": [
1781
1884
  "age-gates-child-safety",
1782
1885
  "api-security",
@@ -1787,7 +1890,8 @@
1787
1890
  "incident-response-playbook",
1788
1891
  "sector-energy",
1789
1892
  "sector-financial",
1790
- "sector-healthcare"
1893
+ "sector-healthcare",
1894
+ "sector-telecom"
1791
1895
  ]
1792
1896
  },
1793
1897
  {
@@ -1992,9 +2096,17 @@
1992
2096
  "D3-SCP"
1993
2097
  ],
1994
2098
  "framework_gaps": [
2099
+ "3GPP-TR-33.926",
1995
2100
  "ALL-MCP-TOOL-TRUST",
2101
+ "AU-ISM-1556",
1996
2102
  "CWE-Top-25-2024-meta",
1997
2103
  "CycloneDX-v1.6-SBOM",
2104
+ "DORA-Art-21-Telecom-ICT",
2105
+ "FCC-CPNI-4.1",
2106
+ "FCC-Cyber-Incident-Notification-2024",
2107
+ "GSMA-NESAS-Deployment",
2108
+ "ITU-T-X.805",
2109
+ "NIS2-Annex-I-Telecom",
1998
2110
  "NIST-800-53-SI-12",
1999
2111
  "NIST-800-53-SI-2",
2000
2112
  "NIST-800-63B-rev4",
@@ -2004,20 +2116,23 @@
2004
2116
  "PCI-DSS-4.0-6.3.3",
2005
2117
  "PTES-Pre-engagement",
2006
2118
  "SPDX-v3.0-SBOM",
2119
+ "UK-CAF-B5",
2007
2120
  "VEX-CSAF-v2.1"
2008
2121
  ],
2009
- "atlas_refs": [],
2122
+ "atlas_refs": [
2123
+ "AML.T0040"
2124
+ ],
2010
2125
  "attack_refs": [
2011
- "T1071",
2126
+ "T1098",
2012
2127
  "T1102",
2013
2128
  "T1110",
2014
2129
  "T1133",
2015
2130
  "T1195.002",
2131
+ "T1199",
2016
2132
  "T1213",
2017
2133
  "T1505",
2018
2134
  "T1548.001",
2019
2135
  "T1552",
2020
- "T1556",
2021
2136
  "T1566.001",
2022
2137
  "T1566.002",
2023
2138
  "T1566.003",
@@ -2034,6 +2149,7 @@
2034
2149
  "RFC-9000",
2035
2150
  "RFC-9106",
2036
2151
  "RFC-9420",
2152
+ "RFC-9622",
2037
2153
  "RFC-9794"
2038
2154
  ],
2039
2155
  "dlp_refs": []
@@ -2143,8 +2259,7 @@
2143
2259
  "RFC-8705",
2144
2260
  "RFC-9112",
2145
2261
  "RFC-9116",
2146
- "RFC-9449",
2147
- "RFC-9622"
2262
+ "RFC-9449"
2148
2263
  ],
2149
2264
  "dlp_refs": [
2150
2265
  "DLP-CHAN-CLIPBOARD-AI",
package/data/_indexes/handoff-dag.json CHANGED
@@ -31,6 +31,7 @@
31
31
  "sector-federal-government",
32
32
  "sector-financial",
33
33
  "sector-healthcare",
34
+ "sector-telecom",
34
35
  "security-maturity-tiers",
35
36
  "skill-update-loop",
36
37
  "supply-chain-integrity",
@@ -294,6 +295,7 @@
294
295
  "rag-pipeline-security",
295
296
  "supply-chain-integrity"
296
297
  ],
298
+ "sector-telecom": [],
297
299
  "api-security": [
298
300
  "ai-c2-detection",
299
301
  "defensive-countermeasure-mapping",
@@ -425,6 +427,7 @@
425
427
  "sector-federal-government": 4,
426
428
  "sector-financial": 5,
427
429
  "sector-healthcare": 4,
430
+ "sector-telecom": 0,
428
431
  "security-maturity-tiers": 1,
429
432
  "skill-update-loop": 2,
430
433
  "supply-chain-integrity": 15,
@@ -465,6 +468,7 @@
465
468
  "sector-federal-government": 9,
466
469
  "sector-financial": 12,
467
470
  "sector-healthcare": 12,
471
+ "sector-telecom": 0,
468
472
  "security-maturity-tiers": 0,
469
473
  "skill-update-loop": 21,
470
474
  "supply-chain-integrity": 2,
package/data/_indexes/jurisdiction-map.json CHANGED
@@ -32,6 +32,7 @@
32
32
  "sector-federal-government",
33
33
  "sector-financial",
34
34
  "sector-healthcare",
35
+ "sector-telecom",
35
36
  "security-maturity-tiers",
36
37
  "skill-update-loop",
37
38
  "supply-chain-integrity",
@@ -41,7 +42,7 @@
41
42
  "zeroday-gap-learn"
42
43
  ],
43
44
  "example_excerpts": {},
44
- "skill_count": 38
45
+ "skill_count": 39
45
46
  },
46
47
  "UK": {
47
48
  "skills": [
@@ -74,6 +75,7 @@
74
75
  "sector-federal-government",
75
76
  "sector-financial",
76
77
  "sector-healthcare",
78
+ "sector-telecom",
77
79
  "security-maturity-tiers",
78
80
  "skill-update-loop",
79
81
  "supply-chain-integrity",
@@ -83,7 +85,7 @@
83
85
  "zeroday-gap-learn"
84
86
  ],
85
87
  "example_excerpts": {},
86
- "skill_count": 36
88
+ "skill_count": 37
87
89
  },
88
90
  "AU": {
89
91
  "skills": [
@@ -117,6 +119,7 @@
117
119
  "sector-federal-government",
118
120
  "sector-financial",
119
121
  "sector-healthcare",
122
+ "sector-telecom",
120
123
  "security-maturity-tiers",
121
124
  "skill-update-loop",
122
125
  "supply-chain-integrity",
@@ -126,7 +129,7 @@
126
129
  "zeroday-gap-learn"
127
130
  ],
128
131
  "example_excerpts": {},
129
- "skill_count": 37
132
+ "skill_count": 38
130
133
  },
131
134
  "SG": {
132
135
  "skills": [
@@ -147,11 +150,12 @@
147
150
  "sector-federal-government",
148
151
  "sector-financial",
149
152
  "sector-healthcare",
153
+ "sector-telecom",
150
154
  "threat-modeling-methodology",
151
155
  "webapp-security"
152
156
  ],
153
157
  "example_excerpts": {},
154
- "skill_count": 19
158
+ "skill_count": 20
155
159
  },
156
160
  "JP": {
157
161
  "skills": [
@@ -174,12 +178,13 @@
174
178
  "sector-federal-government",
175
179
  "sector-financial",
176
180
  "sector-healthcare",
181
+ "sector-telecom",
177
182
  "supply-chain-integrity",
178
183
  "threat-modeling-methodology",
179
184
  "webapp-security"
180
185
  ],
181
186
  "example_excerpts": {},
182
- "skill_count": 22
187
+ "skill_count": 23
183
188
  },
184
189
  "IN": {
185
190
  "skills": [
@@ -197,10 +202,11 @@
197
202
  "researcher",
198
203
  "sector-financial",
199
204
  "sector-healthcare",
205
+ "sector-telecom",
200
206
  "threat-modeling-methodology"
201
207
  ],
202
208
  "example_excerpts": {},
203
- "skill_count": 15
209
+ "skill_count": 16
204
210
  },
205
211
  "CA": {
206
212
  "skills": [
@@ -216,11 +222,12 @@
216
222
  "sector-federal-government",
217
223
  "sector-financial",
218
224
  "sector-healthcare",
225
+ "sector-telecom",
219
226
  "skill-update-loop",
220
227
  "zeroday-gap-learn"
221
228
  ],
222
229
  "example_excerpts": {},
223
- "skill_count": 14
230
+ "skill_count": 15
224
231
  },
225
232
  "BR": {
226
233
  "skills": [
@@ -299,10 +306,11 @@
299
306
  },
300
307
  "NZ": {
301
308
  "skills": [
302
- "sector-financial"
309
+ "sector-financial",
310
+ "sector-telecom"
303
311
  ],
304
312
  "example_excerpts": {},
305
- "skill_count": 1
313
+ "skill_count": 2
306
314
  },
307
315
  "KR": {
308
316
  "skills": [
@@ -418,6 +426,7 @@
418
426
  "sector-federal-government",
419
427
  "sector-financial",
420
428
  "sector-healthcare",
429
+ "sector-telecom",
421
430
  "skill-update-loop",
422
431
  "supply-chain-integrity",
423
432
  "threat-model-currency",
@@ -426,7 +435,7 @@
426
435
  "zeroday-gap-learn"
427
436
  ],
428
437
  "example_excerpts": {},
429
- "skill_count": 37
438
+ "skill_count": 38
430
439
  },
431
440
  "VN": {
432
441
  "skills": [
@@ -484,9 +493,11 @@
484
493
  "skill_count": 1
485
494
  },
486
495
  "TR": {
487
- "skills": [],
496
+ "skills": [
497
+ "sector-telecom"
498
+ ],
488
499
  "example_excerpts": {},
489
- "skill_count": 0
500
+ "skill_count": 1
490
501
  },
491
502
  "TH": {
492
503
  "skills": [],