@blamejs/exceptd-skills 0.12.7 → 0.12.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +15 -1
- package/ARCHITECTURE.md +21 -5
- package/CHANGELOG.md +150 -0
- package/README.md +1 -1
- package/bin/exceptd.js +416 -69
- package/data/_indexes/_meta.json +44 -44
- package/data/_indexes/activity-feed.json +34 -34
- package/data/_indexes/catalog-summaries.json +9 -9
- package/data/_indexes/chains.json +249 -11
- package/data/_indexes/frequency.json +63 -5
- package/data/_indexes/jurisdiction-map.json +13 -3
- package/data/_indexes/section-offsets.json +1171 -1027
- package/data/_indexes/summary-cards.json +2 -2
- package/data/_indexes/token-budget.json +232 -152
- package/data/atlas-ttps.json +189 -1
- package/data/cve-catalog.json +34 -22
- package/data/cwe-catalog.json +290 -1
- package/data/d3fend-catalog.json +163 -1
- package/data/framework-control-gaps.json +243 -0
- package/data/playbooks/containers.json +23 -5
- package/data/playbooks/cred-stores.json +9 -9
- package/data/playbooks/crypto.json +8 -8
- package/data/playbooks/hardening.json +46 -10
- package/data/playbooks/library-author.json +16 -20
- package/data/playbooks/mcp.json +1 -0
- package/data/playbooks/runtime.json +7 -7
- package/data/playbooks/sbom.json +11 -11
- package/data/playbooks/secrets.json +4 -4
- package/data/rfc-references.json +144 -0
- package/lib/playbook-runner.js +119 -35
- package/lib/prefetch.js +27 -6
- package/lib/refresh-external.js +32 -9
- package/lib/schemas/skill-frontmatter.schema.json +2 -2
- package/manifest-snapshot.json +1 -1
- package/manifest.json +73 -73
- package/orchestrator/index.js +1 -1
- package/package.json +2 -1
- package/sbom.cdx.json +6 -6
- package/scripts/check-sbom-currency.js +87 -0
- package/scripts/check-test-coverage.README.md +148 -0
- package/scripts/check-test-coverage.js +476 -0
- package/scripts/hooks/pre-commit.sh +19 -0
- package/scripts/predeploy.js +14 -30
- package/skills/age-gates-child-safety/skill.md +3 -0
- package/skills/ai-attack-surface/skill.md +29 -1
- package/skills/ai-c2-detection/skill.md +30 -1
- package/skills/ai-risk-management/skill.md +3 -0
- package/skills/api-security/skill.md +3 -0
- package/skills/attack-surface-pentest/skill.md +3 -0
- package/skills/cloud-security/skill.md +3 -0
- package/skills/compliance-theater/skill.md +6 -0
- package/skills/container-runtime-security/skill.md +3 -0
- package/skills/coordinated-vuln-disclosure/skill.md +8 -1
- package/skills/defensive-countermeasure-mapping/skill.md +1 -1
- package/skills/dlp-gap-analysis/skill.md +3 -0
- package/skills/email-security-anti-phishing/skill.md +9 -1
- package/skills/exploit-scoring/skill.md +6 -0
- package/skills/identity-assurance/skill.md +6 -1
- package/skills/incident-response-playbook/skill.md +8 -2
- package/skills/kernel-lpe-triage/skill.md +24 -4
- package/skills/mcp-agent-trust/skill.md +28 -1
- package/skills/mlops-security/skill.md +3 -0
- package/skills/ot-ics-security/skill.md +3 -0
- package/skills/policy-exception-gen/skill.md +6 -0
- package/skills/rag-pipeline-security/skill.md +30 -1
- package/skills/researcher/skill.md +6 -0
- package/skills/sector-energy/skill.md +3 -0
- package/skills/sector-federal-government/skill.md +3 -0
- package/skills/sector-financial/skill.md +3 -0
- package/skills/sector-healthcare/skill.md +3 -0
- package/skills/security-maturity-tiers/skill.md +25 -1
- package/skills/skill-update-loop/skill.md +38 -0
- package/skills/supply-chain-integrity/skill.md +3 -0
- package/skills/threat-model-currency/skill.md +4 -0
- package/skills/threat-modeling-methodology/skill.md +3 -0
- package/skills/webapp-security/skill.md +3 -0
- package/skills/zeroday-gap-learn/skill.md +6 -0
package/data/_indexes/_meta.json
CHANGED
|
@@ -1,58 +1,58 @@
|
|
|
1
1
|
{
|
|
2
2
|
"schema_version": "1.1.0",
|
|
3
|
-
"generated_at": "2026-05-
|
|
3
|
+
"generated_at": "2026-05-13T15:42:51.077Z",
|
|
4
4
|
"generator": "scripts/build-indexes.js",
|
|
5
5
|
"source_count": 49,
|
|
6
6
|
"source_hashes": {
|
|
7
|
-
"manifest.json": "
|
|
8
|
-
"data/atlas-ttps.json": "
|
|
9
|
-
"data/cve-catalog.json": "
|
|
10
|
-
"data/cwe-catalog.json": "
|
|
11
|
-
"data/d3fend-catalog.json": "
|
|
7
|
+
"manifest.json": "9f566f47a27005f91dc31480151ff3c97d62f122569fc4e3b3a298c3d4e29f53",
|
|
8
|
+
"data/atlas-ttps.json": "f3f75ff2778a0a2c7d953a21386bc4f265cb2685ce41242eee45f9e9f2a6add6",
|
|
9
|
+
"data/cve-catalog.json": "ad92ef439d877b7b201f6ca4f3384d575886c389e2c845c985d17798b45a4ec6",
|
|
10
|
+
"data/cwe-catalog.json": "68e22967d39a9e22b82d7ac676125f829b551b2c2f3a9c564d3d942bf4ee6ecb",
|
|
11
|
+
"data/d3fend-catalog.json": "d219520c8d3eb61a270b25ea60f64721035e98a8d5d51d1a4e1f1140d9a586f9",
|
|
12
12
|
"data/dlp-controls.json": "8ea8d907aea0a2cfd772b048a62122a322ba3284a5c36a272ad5e9d392564cb5",
|
|
13
13
|
"data/exploit-availability.json": "7dad52f459c324c40aa4df7cd9157f6a19f670fdfb9d8f687d777c9d99798668",
|
|
14
|
-
"data/framework-control-gaps.json": "
|
|
14
|
+
"data/framework-control-gaps.json": "8804a10bf77e987453ea76ae717153118dc5cc625f42e98f78213b08fa144f73",
|
|
15
15
|
"data/global-frameworks.json": "84fd19061f052e4ccf66308a7b8d3fd38e00325e97e9e5e19e4d9b302c128957",
|
|
16
|
-
"data/rfc-references.json": "
|
|
16
|
+
"data/rfc-references.json": "583360bae01e324d752bd28a7d344b4276478381426428d683fc82b0ac19d64a",
|
|
17
17
|
"data/zeroday-lessons.json": "0840eacd580d4ee5bd7dc44ccea6d52bfa95096576af0ccf67132eea05bedd55",
|
|
18
|
-
"skills/kernel-lpe-triage/skill.md": "
|
|
19
|
-
"skills/ai-attack-surface/skill.md": "
|
|
20
|
-
"skills/mcp-agent-trust/skill.md": "
|
|
18
|
+
"skills/kernel-lpe-triage/skill.md": "e8b8601cd3b66d25150bf17f2edd2ef18f10ca6d81ee62aaf874432ee5bdc4b3",
|
|
19
|
+
"skills/ai-attack-surface/skill.md": "2775fe50d58d6437fb629b2f796714ef76ff7b86d271ee5bbd4064b9ca0b0ef6",
|
|
20
|
+
"skills/mcp-agent-trust/skill.md": "de17a4eee67096c737f2eb5972828445021e674fe6c28434cca34d290825739c",
|
|
21
21
|
"skills/framework-gap-analysis/skill.md": "86c86761b91d04bcd1ec684fb3d65cf5c2881fde59b03d33fa59baddbbf64d31",
|
|
22
|
-
"skills/compliance-theater/skill.md": "
|
|
23
|
-
"skills/exploit-scoring/skill.md": "
|
|
24
|
-
"skills/rag-pipeline-security/skill.md": "
|
|
25
|
-
"skills/ai-c2-detection/skill.md": "
|
|
26
|
-
"skills/policy-exception-gen/skill.md": "
|
|
27
|
-
"skills/threat-model-currency/skill.md": "
|
|
22
|
+
"skills/compliance-theater/skill.md": "e05a1df149b241421e86d81adcf4eae42697721f3a9ea8ffc54dd79cc03bd67b",
|
|
23
|
+
"skills/exploit-scoring/skill.md": "d51a5b7b614eb8d7fe539ec1943cfb6f0387e95cfe4eec39102564a9f93ac363",
|
|
24
|
+
"skills/rag-pipeline-security/skill.md": "061d9dd18fd930cddc11fdfa063847b9688d24fe785278e4d01f529f494d797c",
|
|
25
|
+
"skills/ai-c2-detection/skill.md": "a92158c113f7aa6a45be721727fda2957bbe9c52139e396e54f4bfa6a721a821",
|
|
26
|
+
"skills/policy-exception-gen/skill.md": "a6103dd567405f02ba767ee1ce2432c2c564688389efc789cf05cd61c4c8774c",
|
|
27
|
+
"skills/threat-model-currency/skill.md": "438a5f8e193a2684c37fc329ab3ab6e0d4a0365a4a04cb9e6a14fc8ddc15dfc7",
|
|
28
28
|
"skills/global-grc/skill.md": "a9f4477368e260609793b77275e65e255b5c8067b7ae777047a70f3edb373e50",
|
|
29
|
-
"skills/zeroday-gap-learn/skill.md": "
|
|
29
|
+
"skills/zeroday-gap-learn/skill.md": "581ad3600287195d4e669627bcb3e07241375c11f0d68b73faad114a9e946d42",
|
|
30
30
|
"skills/pqc-first/skill.md": "5b4300d71890c16b1de31d380859babaa3631729cedb0c0a397a1ff097524773",
|
|
31
|
-
"skills/skill-update-loop/skill.md": "
|
|
32
|
-
"skills/security-maturity-tiers/skill.md": "
|
|
33
|
-
"skills/researcher/skill.md": "
|
|
34
|
-
"skills/attack-surface-pentest/skill.md": "
|
|
31
|
+
"skills/skill-update-loop/skill.md": "6956359babb31e6c21e9ca3e4331b895700747a28559f8cee5d81fee9d1d8a02",
|
|
32
|
+
"skills/security-maturity-tiers/skill.md": "92470f55e07027974359a5f3945e4bce6b849fc7fb849ab543f2d457393db98b",
|
|
33
|
+
"skills/researcher/skill.md": "1d1ad5a264f964cc9042058b492a4706fb2e8d26885b1137fef790325c5805d8",
|
|
34
|
+
"skills/attack-surface-pentest/skill.md": "40f5a6a6c80e6084a1c09fb0085d0083f4970385bf76098015e57fc17ad7b326",
|
|
35
35
|
"skills/fuzz-testing-strategy/skill.md": "83b1929a0d1e09a58908b91125ebc91ff14323ab9acc9bab6c4b04903b69b837",
|
|
36
|
-
"skills/dlp-gap-analysis/skill.md": "
|
|
37
|
-
"skills/supply-chain-integrity/skill.md": "
|
|
38
|
-
"skills/defensive-countermeasure-mapping/skill.md": "
|
|
39
|
-
"skills/identity-assurance/skill.md": "
|
|
40
|
-
"skills/ot-ics-security/skill.md": "
|
|
41
|
-
"skills/coordinated-vuln-disclosure/skill.md": "
|
|
42
|
-
"skills/threat-modeling-methodology/skill.md": "
|
|
43
|
-
"skills/webapp-security/skill.md": "
|
|
44
|
-
"skills/ai-risk-management/skill.md": "
|
|
45
|
-
"skills/sector-healthcare/skill.md": "
|
|
46
|
-
"skills/sector-financial/skill.md": "
|
|
47
|
-
"skills/sector-federal-government/skill.md": "
|
|
48
|
-
"skills/sector-energy/skill.md": "
|
|
49
|
-
"skills/api-security/skill.md": "
|
|
50
|
-
"skills/cloud-security/skill.md": "
|
|
51
|
-
"skills/container-runtime-security/skill.md": "
|
|
52
|
-
"skills/mlops-security/skill.md": "
|
|
53
|
-
"skills/incident-response-playbook/skill.md": "
|
|
54
|
-
"skills/email-security-anti-phishing/skill.md": "
|
|
55
|
-
"skills/age-gates-child-safety/skill.md": "
|
|
36
|
+
"skills/dlp-gap-analysis/skill.md": "61149c692de109d5cfd00cada60478539f28374380b5ce17017603d71967ab58",
|
|
37
|
+
"skills/supply-chain-integrity/skill.md": "961eb734df9965fa726720ac9f849bdcdc32108625d1d589602005967b836ea8",
|
|
38
|
+
"skills/defensive-countermeasure-mapping/skill.md": "e62c71ba3be2b4d0f7dfa529fec007cba6bee3013f76b93756e3e6310f2d22ab",
|
|
39
|
+
"skills/identity-assurance/skill.md": "a4aff24b0d0f4684d144f85cbc74c8a9a5711a7ec9c6d473f677f053dc1c658c",
|
|
40
|
+
"skills/ot-ics-security/skill.md": "500a002b662217393243d093efa639cdf30ca76d1869d6c1896425492c5d652e",
|
|
41
|
+
"skills/coordinated-vuln-disclosure/skill.md": "c96fd2254abf8a29819f8175da85094bea1afe589fecc92abcf1289b30895030",
|
|
42
|
+
"skills/threat-modeling-methodology/skill.md": "eb03a6c12c637c38917fecd97007459dfe99cbab5dfae696a736f08db13c124c",
|
|
43
|
+
"skills/webapp-security/skill.md": "009d9050e3c27f789efbc4c0dba4245b66d49182b503736be6a344591ba93f54",
|
|
44
|
+
"skills/ai-risk-management/skill.md": "1bbdba6b46efba8c88f8e7e1930777d39a65709ea434b6a53eed01814fa9fdad",
|
|
45
|
+
"skills/sector-healthcare/skill.md": "43608ca43eefc3a9238f6c6b0c7993e519420ffab5a18d96e17310f44ac6225a",
|
|
46
|
+
"skills/sector-financial/skill.md": "d7b538cd71a8384c9e19a86e7971049f2c1f651677e4ab9b5a1caf9526b178da",
|
|
47
|
+
"skills/sector-federal-government/skill.md": "0d18ede4d0c04975ea22bfa53b0f6d62eeb70861e16a27d239d25928fa3ff21f",
|
|
48
|
+
"skills/sector-energy/skill.md": "07ca8b582b3a94657006395ce0ef15ecb2030f676f119900b4fdb9b213f04200",
|
|
49
|
+
"skills/api-security/skill.md": "99af9882f57e884b3f66f1c17a4bc6ee24ed6531f0e28b3bdeccd5d77429ffa6",
|
|
50
|
+
"skills/cloud-security/skill.md": "18fc0f16689f3560023c9d919bec03070d3c2198dc186d1b7ca9cfe35fbfa108",
|
|
51
|
+
"skills/container-runtime-security/skill.md": "f481878aa40c42662424d32b320fc825e2550b7874224765e2150a97f0afeafb",
|
|
52
|
+
"skills/mlops-security/skill.md": "c9fb9281191b2684424f96b3d4447fe40907f633b0506e22100d909141f497be",
|
|
53
|
+
"skills/incident-response-playbook/skill.md": "27202d956fcc06c0cef7ad1ca6f352e2cdf06189516e22f796704a44c2ab2734",
|
|
54
|
+
"skills/email-security-anti-phishing/skill.md": "90e15fb89a36ac704cb092801130351a5c33bb7154bd023a347309c1a6a4f164",
|
|
55
|
+
"skills/age-gates-child-safety/skill.md": "c741d7dca9da0abb09bdebb8a02e803ce4ae9fb9a6904fb8df3ec19cae83917d"
|
|
56
56
|
},
|
|
57
57
|
"skill_count": 38,
|
|
58
58
|
"catalog_count": 10,
|
|
@@ -68,12 +68,12 @@
|
|
|
68
68
|
},
|
|
69
69
|
"trigger_table_entries": 453,
|
|
70
70
|
"chains_cve_entries": 6,
|
|
71
|
-
"chains_cwe_entries":
|
|
71
|
+
"chains_cwe_entries": 51,
|
|
72
72
|
"jurisdictions_indexed": 29,
|
|
73
73
|
"handoff_dag_nodes": 38,
|
|
74
74
|
"summary_cards": 38,
|
|
75
75
|
"section_offsets_skills": 38,
|
|
76
|
-
"token_budget_total_approx":
|
|
76
|
+
"token_budget_total_approx": 342364,
|
|
77
77
|
"recipes": 8,
|
|
78
78
|
"jurisdiction_clocks": 29,
|
|
79
79
|
"did_ladders": 8,
|
|
@@ -5,6 +5,38 @@
|
|
|
5
5
|
"event_count": 49
|
|
6
6
|
},
|
|
7
7
|
"events": [
|
|
8
|
+
{
|
|
9
|
+
"date": "2026-05-13",
|
|
10
|
+
"type": "catalog_update",
|
|
11
|
+
"artifact": "data/atlas-ttps.json",
|
|
12
|
+
"path": "data/atlas-ttps.json",
|
|
13
|
+
"schema_version": "1.0.0",
|
|
14
|
+
"entry_count": 15
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"date": "2026-05-13",
|
|
18
|
+
"type": "catalog_update",
|
|
19
|
+
"artifact": "data/cve-catalog.json",
|
|
20
|
+
"path": "data/cve-catalog.json",
|
|
21
|
+
"schema_version": "1.0.0",
|
|
22
|
+
"entry_count": 6
|
|
23
|
+
},
|
|
24
|
+
{
|
|
25
|
+
"date": "2026-05-13",
|
|
26
|
+
"type": "catalog_update",
|
|
27
|
+
"artifact": "data/cwe-catalog.json",
|
|
28
|
+
"path": "data/cwe-catalog.json",
|
|
29
|
+
"schema_version": "1.0.0",
|
|
30
|
+
"entry_count": 51
|
|
31
|
+
},
|
|
32
|
+
{
|
|
33
|
+
"date": "2026-05-13",
|
|
34
|
+
"type": "catalog_update",
|
|
35
|
+
"artifact": "data/d3fend-catalog.json",
|
|
36
|
+
"path": "data/d3fend-catalog.json",
|
|
37
|
+
"schema_version": "1.0.0",
|
|
38
|
+
"entry_count": 28
|
|
39
|
+
},
|
|
8
40
|
{
|
|
9
41
|
"date": "2026-05-11",
|
|
10
42
|
"type": "skill_review",
|
|
@@ -166,30 +198,6 @@
|
|
|
166
198
|
"path": "skills/age-gates-child-safety/skill.md",
|
|
167
199
|
"note": "Age-related gates and child online safety for mid-2026 — COPPA + CIPA + California AADC + GDPR Art. 8 + DSA Art. 28 + UK Online Safety Act + UK Children's Code + AU Online Safety Act + IN DPDPA child provisions + KOSA pending; age verification standards (IEEE 2089-2021, OpenID Connect age claims); AI product age policies"
|
|
168
200
|
},
|
|
169
|
-
{
|
|
170
|
-
"date": "2026-05-11",
|
|
171
|
-
"type": "catalog_update",
|
|
172
|
-
"artifact": "data/cve-catalog.json",
|
|
173
|
-
"path": "data/cve-catalog.json",
|
|
174
|
-
"schema_version": "1.0.0",
|
|
175
|
-
"entry_count": 6
|
|
176
|
-
},
|
|
177
|
-
{
|
|
178
|
-
"date": "2026-05-11",
|
|
179
|
-
"type": "catalog_update",
|
|
180
|
-
"artifact": "data/cwe-catalog.json",
|
|
181
|
-
"path": "data/cwe-catalog.json",
|
|
182
|
-
"schema_version": "1.0.0",
|
|
183
|
-
"entry_count": 34
|
|
184
|
-
},
|
|
185
|
-
{
|
|
186
|
-
"date": "2026-05-11",
|
|
187
|
-
"type": "catalog_update",
|
|
188
|
-
"artifact": "data/d3fend-catalog.json",
|
|
189
|
-
"path": "data/d3fend-catalog.json",
|
|
190
|
-
"schema_version": "1.0.0",
|
|
191
|
-
"entry_count": 20
|
|
192
|
-
},
|
|
193
201
|
{
|
|
194
202
|
"date": "2026-05-11",
|
|
195
203
|
"type": "catalog_update",
|
|
@@ -212,7 +220,7 @@
|
|
|
212
220
|
"artifact": "data/rfc-references.json",
|
|
213
221
|
"path": "data/rfc-references.json",
|
|
214
222
|
"schema_version": "1.0.0",
|
|
215
|
-
"entry_count":
|
|
223
|
+
"entry_count": 31
|
|
216
224
|
},
|
|
217
225
|
{
|
|
218
226
|
"date": "2026-05-01",
|
|
@@ -319,14 +327,6 @@
|
|
|
319
327
|
"path": "skills/security-maturity-tiers/skill.md",
|
|
320
328
|
"note": "Three-tier implementation roadmap — MVP (ship this week), Practical (scalable today), Overkill (defense-in-depth)"
|
|
321
329
|
},
|
|
322
|
-
{
|
|
323
|
-
"date": "2026-05-01",
|
|
324
|
-
"type": "catalog_update",
|
|
325
|
-
"artifact": "data/atlas-ttps.json",
|
|
326
|
-
"path": "data/atlas-ttps.json",
|
|
327
|
-
"schema_version": "1.0.0",
|
|
328
|
-
"entry_count": 9
|
|
329
|
-
},
|
|
330
330
|
{
|
|
331
331
|
"date": "2026-05-01",
|
|
332
332
|
"type": "catalog_update",
|
|
@@ -341,7 +341,7 @@
|
|
|
341
341
|
"artifact": "data/framework-control-gaps.json",
|
|
342
342
|
"path": "data/framework-control-gaps.json",
|
|
343
343
|
"schema_version": "1.0.0",
|
|
344
|
-
"entry_count":
|
|
344
|
+
"entry_count": 59
|
|
345
345
|
},
|
|
346
346
|
{
|
|
347
347
|
"date": "2026-05-01",
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
"path": "data/atlas-ttps.json",
|
|
10
10
|
"purpose": "MITRE ATLAS TTPs (AML.T0xxx) cited by skills, with tactic, name, description. Pinned to ATLAS v5.1.0 (November 2025).",
|
|
11
11
|
"schema_version": "1.0.0",
|
|
12
|
-
"last_updated": "2026-05-
|
|
12
|
+
"last_updated": "2026-05-13",
|
|
13
13
|
"tlp": "CLEAR",
|
|
14
14
|
"source_confidence_default": "A1",
|
|
15
15
|
"freshness_policy": {
|
|
@@ -18,7 +18,7 @@
|
|
|
18
18
|
"rebuild_after_days": 365,
|
|
19
19
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
20
20
|
},
|
|
21
|
-
"entry_count":
|
|
21
|
+
"entry_count": 15,
|
|
22
22
|
"sample_keys": [
|
|
23
23
|
"AML.T0043",
|
|
24
24
|
"AML.T0010",
|
|
@@ -31,7 +31,7 @@
|
|
|
31
31
|
"path": "data/cve-catalog.json",
|
|
32
32
|
"purpose": "Per-CVE record (CVSS, EPSS, CISA KEV, RWEP, AI-discovery, vendor advisories, framework gaps, ATLAS/ATT&CK mappings). Cross-validated against NVD + CISA KEV + FIRST EPSS via validate-cves.",
|
|
33
33
|
"schema_version": "1.0.0",
|
|
34
|
-
"last_updated": "2026-05-
|
|
34
|
+
"last_updated": "2026-05-13",
|
|
35
35
|
"tlp": "CLEAR",
|
|
36
36
|
"source_confidence_default": "A1",
|
|
37
37
|
"freshness_policy": {
|
|
@@ -53,7 +53,7 @@
|
|
|
53
53
|
"path": "data/cwe-catalog.json",
|
|
54
54
|
"purpose": "MITRE CWE entries used by the project (subset with skill citations), with severity hint and category. Pinned to a CWE catalog version.",
|
|
55
55
|
"schema_version": "1.0.0",
|
|
56
|
-
"last_updated": "2026-05-
|
|
56
|
+
"last_updated": "2026-05-13",
|
|
57
57
|
"tlp": "CLEAR",
|
|
58
58
|
"source_confidence_default": "A1",
|
|
59
59
|
"freshness_policy": {
|
|
@@ -62,7 +62,7 @@
|
|
|
62
62
|
"rebuild_after_days": 365,
|
|
63
63
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
64
64
|
},
|
|
65
|
-
"entry_count":
|
|
65
|
+
"entry_count": 51,
|
|
66
66
|
"sample_keys": [
|
|
67
67
|
"CWE-787",
|
|
68
68
|
"CWE-79",
|
|
@@ -75,7 +75,7 @@
|
|
|
75
75
|
"path": "data/d3fend-catalog.json",
|
|
76
76
|
"purpose": "MITRE D3FEND countermeasures (D3-xxx) keyed by id, with tactic + name. Pinned to D3FEND v1.0.0 release.",
|
|
77
77
|
"schema_version": "1.0.0",
|
|
78
|
-
"last_updated": "2026-05-
|
|
78
|
+
"last_updated": "2026-05-13",
|
|
79
79
|
"tlp": "CLEAR",
|
|
80
80
|
"source_confidence_default": "A1",
|
|
81
81
|
"freshness_policy": {
|
|
@@ -84,7 +84,7 @@
|
|
|
84
84
|
"rebuild_after_days": 365,
|
|
85
85
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
86
86
|
},
|
|
87
|
-
"entry_count":
|
|
87
|
+
"entry_count": 28,
|
|
88
88
|
"sample_keys": [
|
|
89
89
|
"D3-EAL",
|
|
90
90
|
"D3-EHB",
|
|
@@ -150,7 +150,7 @@
|
|
|
150
150
|
"rebuild_after_days": 365,
|
|
151
151
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
152
152
|
},
|
|
153
|
-
"entry_count":
|
|
153
|
+
"entry_count": 59,
|
|
154
154
|
"sample_keys": [
|
|
155
155
|
"NIST-800-53-SI-2",
|
|
156
156
|
"NIST-800-53-SC-8",
|
|
@@ -194,7 +194,7 @@
|
|
|
194
194
|
"rebuild_after_days": 365,
|
|
195
195
|
"note": "Per-entry last_verified governs decay. Skills depending on this catalog must check entry freshness before high-stakes use."
|
|
196
196
|
},
|
|
197
|
-
"entry_count":
|
|
197
|
+
"entry_count": 31,
|
|
198
198
|
"sample_keys": [
|
|
199
199
|
"RFC-8446",
|
|
200
200
|
"DRAFT-IETF-TLS-ECDHE-MLKEM",
|
|
@@ -12,8 +12,8 @@
|
|
|
12
12
|
"rwep": 90,
|
|
13
13
|
"cvss": 7.8,
|
|
14
14
|
"cisa_kev": true,
|
|
15
|
-
"epss_score": 0.
|
|
16
|
-
"epss_percentile": 0.
|
|
15
|
+
"epss_score": 0.0257,
|
|
16
|
+
"epss_percentile": 0.8569,
|
|
17
17
|
"referencing_skills": [
|
|
18
18
|
"kernel-lpe-triage",
|
|
19
19
|
"exploit-scoring",
|
|
@@ -271,10 +271,10 @@
|
|
|
271
271
|
"CVE-2026-43284": {
|
|
272
272
|
"name": "Dirty Frag (ESP/IPsec component)",
|
|
273
273
|
"rwep": 38,
|
|
274
|
-
"cvss":
|
|
274
|
+
"cvss": 8.8,
|
|
275
275
|
"cisa_kev": false,
|
|
276
|
-
"epss_score": 0.
|
|
277
|
-
"epss_percentile": 0.
|
|
276
|
+
"epss_score": 0.00007,
|
|
277
|
+
"epss_percentile": 0.0051,
|
|
278
278
|
"referencing_skills": [
|
|
279
279
|
"kernel-lpe-triage",
|
|
280
280
|
"pqc-first",
|
|
@@ -483,8 +483,8 @@
|
|
|
483
483
|
"rwep": 32,
|
|
484
484
|
"cvss": 7.6,
|
|
485
485
|
"cisa_kev": false,
|
|
486
|
-
"epss_score": 0.
|
|
487
|
-
"epss_percentile": 0.
|
|
486
|
+
"epss_score": 0.0001,
|
|
487
|
+
"epss_percentile": 0.0115,
|
|
488
488
|
"referencing_skills": [
|
|
489
489
|
"kernel-lpe-triage",
|
|
490
490
|
"pqc-first",
|
|
@@ -1251,9 +1251,9 @@
|
|
|
1251
1251
|
}
|
|
1252
1252
|
},
|
|
1253
1253
|
"CVE-2026-30615": {
|
|
1254
|
-
"name": "Windsurf MCP
|
|
1254
|
+
"name": "Windsurf MCP Local-Vector RCE via Adversarial Tool Response",
|
|
1255
1255
|
"rwep": 35,
|
|
1256
|
-
"cvss":
|
|
1256
|
+
"cvss": 8,
|
|
1257
1257
|
"cisa_kev": false,
|
|
1258
1258
|
"epss_score": 0.14,
|
|
1259
1259
|
"epss_percentile": 0.86,
|
|
@@ -1756,8 +1756,8 @@
|
|
|
1756
1756
|
"rwep": 45,
|
|
1757
1757
|
"cvss": 9.6,
|
|
1758
1758
|
"cisa_kev": false,
|
|
1759
|
-
"epss_score": 0.
|
|
1760
|
-
"epss_percentile": 0.
|
|
1759
|
+
"epss_score": 0.00039,
|
|
1760
|
+
"epss_percentile": 0.1179,
|
|
1761
1761
|
"referencing_skills": [],
|
|
1762
1762
|
"chain": {
|
|
1763
1763
|
"cwes": [],
|
|
@@ -7148,5 +7148,243 @@
|
|
|
7148
7148
|
"CVE-2025-53773",
|
|
7149
7149
|
"CVE-2026-30615"
|
|
7150
7150
|
]
|
|
7151
|
+
},
|
|
7152
|
+
"CWE-250": {
|
|
7153
|
+
"name": "Execution with Unnecessary Privileges",
|
|
7154
|
+
"category": "Privilege Management",
|
|
7155
|
+
"referencing_skills": [],
|
|
7156
|
+
"skill_count": 0,
|
|
7157
|
+
"chain": {
|
|
7158
|
+
"atlas": [],
|
|
7159
|
+
"attack_refs": [],
|
|
7160
|
+
"framework_gaps": [],
|
|
7161
|
+
"d3fend": [],
|
|
7162
|
+
"rfc_refs": []
|
|
7163
|
+
},
|
|
7164
|
+
"related_cves": []
|
|
7165
|
+
},
|
|
7166
|
+
"CWE-256": {
|
|
7167
|
+
"name": "Plaintext Storage of a Password",
|
|
7168
|
+
"category": "Credentials Management",
|
|
7169
|
+
"referencing_skills": [],
|
|
7170
|
+
"skill_count": 0,
|
|
7171
|
+
"chain": {
|
|
7172
|
+
"atlas": [],
|
|
7173
|
+
"attack_refs": [],
|
|
7174
|
+
"framework_gaps": [],
|
|
7175
|
+
"d3fend": [],
|
|
7176
|
+
"rfc_refs": []
|
|
7177
|
+
},
|
|
7178
|
+
"related_cves": []
|
|
7179
|
+
},
|
|
7180
|
+
"CWE-284": {
|
|
7181
|
+
"name": "Improper Access Control",
|
|
7182
|
+
"category": "Access Control",
|
|
7183
|
+
"referencing_skills": [],
|
|
7184
|
+
"skill_count": 0,
|
|
7185
|
+
"chain": {
|
|
7186
|
+
"atlas": [],
|
|
7187
|
+
"attack_refs": [],
|
|
7188
|
+
"framework_gaps": [],
|
|
7189
|
+
"d3fend": [],
|
|
7190
|
+
"rfc_refs": []
|
|
7191
|
+
},
|
|
7192
|
+
"related_cves": []
|
|
7193
|
+
},
|
|
7194
|
+
"CWE-310": {
|
|
7195
|
+
"name": "Cryptographic Issues",
|
|
7196
|
+
"category": "Cryptography",
|
|
7197
|
+
"referencing_skills": [],
|
|
7198
|
+
"skill_count": 0,
|
|
7199
|
+
"chain": {
|
|
7200
|
+
"atlas": [],
|
|
7201
|
+
"attack_refs": [],
|
|
7202
|
+
"framework_gaps": [],
|
|
7203
|
+
"d3fend": [],
|
|
7204
|
+
"rfc_refs": []
|
|
7205
|
+
},
|
|
7206
|
+
"related_cves": []
|
|
7207
|
+
},
|
|
7208
|
+
"CWE-312": {
|
|
7209
|
+
"name": "Cleartext Storage of Sensitive Information",
|
|
7210
|
+
"category": "Data Protection",
|
|
7211
|
+
"referencing_skills": [],
|
|
7212
|
+
"skill_count": 0,
|
|
7213
|
+
"chain": {
|
|
7214
|
+
"atlas": [],
|
|
7215
|
+
"attack_refs": [],
|
|
7216
|
+
"framework_gaps": [],
|
|
7217
|
+
"d3fend": [],
|
|
7218
|
+
"rfc_refs": []
|
|
7219
|
+
},
|
|
7220
|
+
"related_cves": []
|
|
7221
|
+
},
|
|
7222
|
+
"CWE-326": {
|
|
7223
|
+
"name": "Inadequate Encryption Strength",
|
|
7224
|
+
"category": "Cryptography",
|
|
7225
|
+
"referencing_skills": [],
|
|
7226
|
+
"skill_count": 0,
|
|
7227
|
+
"chain": {
|
|
7228
|
+
"atlas": [],
|
|
7229
|
+
"attack_refs": [],
|
|
7230
|
+
"framework_gaps": [],
|
|
7231
|
+
"d3fend": [],
|
|
7232
|
+
"rfc_refs": []
|
|
7233
|
+
},
|
|
7234
|
+
"related_cves": []
|
|
7235
|
+
},
|
|
7236
|
+
"CWE-328": {
|
|
7237
|
+
"name": "Use of Weak Hash",
|
|
7238
|
+
"category": "Cryptography",
|
|
7239
|
+
"referencing_skills": [],
|
|
7240
|
+
"skill_count": 0,
|
|
7241
|
+
"chain": {
|
|
7242
|
+
"atlas": [],
|
|
7243
|
+
"attack_refs": [],
|
|
7244
|
+
"framework_gaps": [],
|
|
7245
|
+
"d3fend": [],
|
|
7246
|
+
"rfc_refs": []
|
|
7247
|
+
},
|
|
7248
|
+
"related_cves": []
|
|
7249
|
+
},
|
|
7250
|
+
"CWE-329": {
|
|
7251
|
+
"name": "Generation of Predictable IV with CBC Mode",
|
|
7252
|
+
"category": "Cryptography",
|
|
7253
|
+
"referencing_skills": [],
|
|
7254
|
+
"skill_count": 0,
|
|
7255
|
+
"chain": {
|
|
7256
|
+
"atlas": [],
|
|
7257
|
+
"attack_refs": [],
|
|
7258
|
+
"framework_gaps": [],
|
|
7259
|
+
"d3fend": [],
|
|
7260
|
+
"rfc_refs": []
|
|
7261
|
+
},
|
|
7262
|
+
"related_cves": []
|
|
7263
|
+
},
|
|
7264
|
+
"CWE-330": {
|
|
7265
|
+
"name": "Use of Insufficiently Random Values",
|
|
7266
|
+
"category": "Cryptography",
|
|
7267
|
+
"referencing_skills": [],
|
|
7268
|
+
"skill_count": 0,
|
|
7269
|
+
"chain": {
|
|
7270
|
+
"atlas": [],
|
|
7271
|
+
"attack_refs": [],
|
|
7272
|
+
"framework_gaps": [],
|
|
7273
|
+
"d3fend": [],
|
|
7274
|
+
"rfc_refs": []
|
|
7275
|
+
},
|
|
7276
|
+
"related_cves": []
|
|
7277
|
+
},
|
|
7278
|
+
"CWE-331": {
|
|
7279
|
+
"name": "Insufficient Entropy",
|
|
7280
|
+
"category": "Cryptography",
|
|
7281
|
+
"referencing_skills": [],
|
|
7282
|
+
"skill_count": 0,
|
|
7283
|
+
"chain": {
|
|
7284
|
+
"atlas": [],
|
|
7285
|
+
"attack_refs": [],
|
|
7286
|
+
"framework_gaps": [],
|
|
7287
|
+
"d3fend": [],
|
|
7288
|
+
"rfc_refs": []
|
|
7289
|
+
},
|
|
7290
|
+
"related_cves": []
|
|
7291
|
+
},
|
|
7292
|
+
"CWE-338": {
|
|
7293
|
+
"name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
|
|
7294
|
+
"category": "Cryptography",
|
|
7295
|
+
"referencing_skills": [],
|
|
7296
|
+
"skill_count": 0,
|
|
7297
|
+
"chain": {
|
|
7298
|
+
"atlas": [],
|
|
7299
|
+
"attack_refs": [],
|
|
7300
|
+
"framework_gaps": [],
|
|
7301
|
+
"d3fend": [],
|
|
7302
|
+
"rfc_refs": []
|
|
7303
|
+
},
|
|
7304
|
+
"related_cves": []
|
|
7305
|
+
},
|
|
7306
|
+
"CWE-353": {
|
|
7307
|
+
"name": "Missing Support for Integrity Check",
|
|
7308
|
+
"category": "Integrity",
|
|
7309
|
+
"referencing_skills": [],
|
|
7310
|
+
"skill_count": 0,
|
|
7311
|
+
"chain": {
|
|
7312
|
+
"atlas": [],
|
|
7313
|
+
"attack_refs": [],
|
|
7314
|
+
"framework_gaps": [],
|
|
7315
|
+
"d3fend": [],
|
|
7316
|
+
"rfc_refs": []
|
|
7317
|
+
},
|
|
7318
|
+
"related_cves": []
|
|
7319
|
+
},
|
|
7320
|
+
"CWE-426": {
|
|
7321
|
+
"name": "Untrusted Search Path",
|
|
7322
|
+
"category": "Privilege Management",
|
|
7323
|
+
"referencing_skills": [],
|
|
7324
|
+
"skill_count": 0,
|
|
7325
|
+
"chain": {
|
|
7326
|
+
"atlas": [],
|
|
7327
|
+
"attack_refs": [],
|
|
7328
|
+
"framework_gaps": [],
|
|
7329
|
+
"d3fend": [],
|
|
7330
|
+
"rfc_refs": []
|
|
7331
|
+
},
|
|
7332
|
+
"related_cves": []
|
|
7333
|
+
},
|
|
7334
|
+
"CWE-522": {
|
|
7335
|
+
"name": "Insufficiently Protected Credentials",
|
|
7336
|
+
"category": "Credentials Management",
|
|
7337
|
+
"referencing_skills": [],
|
|
7338
|
+
"skill_count": 0,
|
|
7339
|
+
"chain": {
|
|
7340
|
+
"atlas": [],
|
|
7341
|
+
"attack_refs": [],
|
|
7342
|
+
"framework_gaps": [],
|
|
7343
|
+
"d3fend": [],
|
|
7344
|
+
"rfc_refs": []
|
|
7345
|
+
},
|
|
7346
|
+
"related_cves": []
|
|
7347
|
+
},
|
|
7348
|
+
"CWE-759": {
|
|
7349
|
+
"name": "Use of a One-Way Hash without a Salt",
|
|
7350
|
+
"category": "Cryptography",
|
|
7351
|
+
"referencing_skills": [],
|
|
7352
|
+
"skill_count": 0,
|
|
7353
|
+
"chain": {
|
|
7354
|
+
"atlas": [],
|
|
7355
|
+
"attack_refs": [],
|
|
7356
|
+
"framework_gaps": [],
|
|
7357
|
+
"d3fend": [],
|
|
7358
|
+
"rfc_refs": []
|
|
7359
|
+
},
|
|
7360
|
+
"related_cves": []
|
|
7361
|
+
},
|
|
7362
|
+
"CWE-760": {
|
|
7363
|
+
"name": "Use of a One-Way Hash with a Predictable Salt",
|
|
7364
|
+
"category": "Cryptography",
|
|
7365
|
+
"referencing_skills": [],
|
|
7366
|
+
"skill_count": 0,
|
|
7367
|
+
"chain": {
|
|
7368
|
+
"atlas": [],
|
|
7369
|
+
"attack_refs": [],
|
|
7370
|
+
"framework_gaps": [],
|
|
7371
|
+
"d3fend": [],
|
|
7372
|
+
"rfc_refs": []
|
|
7373
|
+
},
|
|
7374
|
+
"related_cves": []
|
|
7375
|
+
},
|
|
7376
|
+
"CWE-916": {
|
|
7377
|
+
"name": "Use of Password Hash With Insufficient Computational Effort",
|
|
7378
|
+
"category": "Cryptography",
|
|
7379
|
+
"referencing_skills": [],
|
|
7380
|
+
"skill_count": 0,
|
|
7381
|
+
"chain": {
|
|
7382
|
+
"atlas": [],
|
|
7383
|
+
"attack_refs": [],
|
|
7384
|
+
"framework_gaps": [],
|
|
7385
|
+
"d3fend": [],
|
|
7386
|
+
"rfc_refs": []
|
|
7387
|
+
},
|
|
7388
|
+
"related_cves": []
|
|
7151
7389
|
}
|
|
7152
7390
|
}
|