@blamejs/exceptd-skills 0.16.16 → 0.16.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +3 -1
- package/CHANGELOG.md +8 -0
- package/README.md +5 -5
- package/bin/exceptd.js +3 -0
- package/data/_indexes/_meta.json +16 -14
- package/data/_indexes/activity-feed.json +17 -3
- package/data/_indexes/catalog-summaries.json +1 -1
- package/data/_indexes/chains.json +26271 -1538
- package/data/_indexes/currency.json +19 -1
- package/data/_indexes/frequency.json +154 -92
- package/data/_indexes/handoff-dag.json +9 -1
- package/data/_indexes/jurisdiction-map.json +9 -3
- package/data/_indexes/section-offsets.json +170 -0
- package/data/_indexes/stale-content.json +1 -1
- package/data/_indexes/summary-cards.json +80 -0
- package/data/_indexes/token-budget.json +103 -3
- package/data/_indexes/trigger-table.json +91 -0
- package/data/_indexes/xref.json +41 -3
- package/data/cwe-catalog.json +75 -3
- package/data/playbooks/audit-log-integrity.json +3 -0
- package/data/playbooks/crypto-codebase.json +31 -8
- package/data/playbooks/decompression-dos.json +626 -0
- package/data/playbooks/framework.json +2 -0
- package/data/playbooks/log-injection-telemetry.json +619 -0
- package/data/playbooks/secrets.json +1 -0
- package/manifest-snapshot.json +107 -2
- package/manifest-snapshot.sha256 +1 -1
- package/manifest.json +163 -50
- package/package.json +2 -2
- package/sbom.cdx.json +94 -34
- package/skills/decompression-dos/skill.md +83 -0
- package/skills/log-injection-telemetry/skill.md +80 -0
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
"decay_formula": "100 base; -30/-20/-10/-5 at 180/90/60/30-day thresholds. forward_watch count does NOT affect the score (it's a maintenance signal, not a staleness one). Label thresholds: ≥90 current, ≥70 acceptable, ≥50 stale, <50 critical_stale."
|
|
7
7
|
},
|
|
8
8
|
"summary": {
|
|
9
|
-
"current":
|
|
9
|
+
"current": 50,
|
|
10
10
|
"acceptable": 0,
|
|
11
11
|
"stale": 0,
|
|
12
12
|
"critical_stale": 0,
|
|
@@ -121,6 +121,15 @@
|
|
|
121
121
|
"forward_watch_count": 6,
|
|
122
122
|
"action_required": false
|
|
123
123
|
},
|
|
124
|
+
{
|
|
125
|
+
"skill": "decompression-dos",
|
|
126
|
+
"last_threat_review": "2026-06-02",
|
|
127
|
+
"days_since_review": -18,
|
|
128
|
+
"currency_score": 100,
|
|
129
|
+
"currency_label": "current",
|
|
130
|
+
"forward_watch_count": 0,
|
|
131
|
+
"action_required": false
|
|
132
|
+
},
|
|
124
133
|
{
|
|
125
134
|
"skill": "defensive-countermeasure-mapping",
|
|
126
135
|
"last_threat_review": "2026-05-11",
|
|
@@ -220,6 +229,15 @@
|
|
|
220
229
|
"forward_watch_count": 4,
|
|
221
230
|
"action_required": false
|
|
222
231
|
},
|
|
232
|
+
{
|
|
233
|
+
"skill": "log-injection-telemetry",
|
|
234
|
+
"last_threat_review": "2026-06-02",
|
|
235
|
+
"days_since_review": -18,
|
|
236
|
+
"currency_score": 100,
|
|
237
|
+
"currency_label": "current",
|
|
238
|
+
"forward_watch_count": 0,
|
|
239
|
+
"action_required": false
|
|
240
|
+
},
|
|
223
241
|
{
|
|
224
242
|
"skill": "mail-server-hardening",
|
|
225
243
|
"last_threat_review": "2026-06-02",
|
|
@@ -78,10 +78,11 @@
|
|
|
78
78
|
]
|
|
79
79
|
},
|
|
80
80
|
"CWE-22": {
|
|
81
|
-
"count":
|
|
81
|
+
"count": 6,
|
|
82
82
|
"skills": [
|
|
83
83
|
"api-security",
|
|
84
84
|
"attack-surface-pentest",
|
|
85
|
+
"decompression-dos",
|
|
85
86
|
"mail-server-hardening",
|
|
86
87
|
"mcp-agent-trust",
|
|
87
88
|
"webapp-security"
|
|
@@ -132,10 +133,11 @@
|
|
|
132
133
|
]
|
|
133
134
|
},
|
|
134
135
|
"CWE-918": {
|
|
135
|
-
"count":
|
|
136
|
+
"count": 7,
|
|
136
137
|
"skills": [
|
|
137
138
|
"api-security",
|
|
138
139
|
"attack-surface-pentest",
|
|
140
|
+
"log-injection-telemetry",
|
|
139
141
|
"mcp-agent-trust",
|
|
140
142
|
"network-trust",
|
|
141
143
|
"sector-telecom",
|
|
@@ -221,12 +223,13 @@
|
|
|
221
223
|
]
|
|
222
224
|
},
|
|
223
225
|
"CWE-200": {
|
|
224
|
-
"count":
|
|
226
|
+
"count": 8,
|
|
225
227
|
"skills": [
|
|
226
228
|
"age-gates-child-safety",
|
|
227
229
|
"api-security",
|
|
228
230
|
"cloud-security",
|
|
229
231
|
"dlp-gap-analysis",
|
|
232
|
+
"log-injection-telemetry",
|
|
230
233
|
"sector-healthcare",
|
|
231
234
|
"vc-wallet-trust",
|
|
232
235
|
"webapp-security"
|
|
@@ -372,8 +375,9 @@
|
|
|
372
375
|
]
|
|
373
376
|
},
|
|
374
377
|
"CWE-400": {
|
|
375
|
-
"count":
|
|
378
|
+
"count": 3,
|
|
376
379
|
"skills": [
|
|
380
|
+
"decompression-dos",
|
|
377
381
|
"mail-server-hardening",
|
|
378
382
|
"multitenancy-isolation"
|
|
379
383
|
]
|
|
@@ -397,8 +401,9 @@
|
|
|
397
401
|
]
|
|
398
402
|
},
|
|
399
403
|
"CWE-770": {
|
|
400
|
-
"count":
|
|
404
|
+
"count": 2,
|
|
401
405
|
"skills": [
|
|
406
|
+
"decompression-dos",
|
|
402
407
|
"multitenancy-isolation"
|
|
403
408
|
]
|
|
404
409
|
},
|
|
@@ -407,6 +412,42 @@
|
|
|
407
412
|
"skills": [
|
|
408
413
|
"multitenancy-isolation"
|
|
409
414
|
]
|
|
415
|
+
},
|
|
416
|
+
"CWE-409": {
|
|
417
|
+
"count": 1,
|
|
418
|
+
"skills": [
|
|
419
|
+
"decompression-dos"
|
|
420
|
+
]
|
|
421
|
+
},
|
|
422
|
+
"CWE-1333": {
|
|
423
|
+
"count": 1,
|
|
424
|
+
"skills": [
|
|
425
|
+
"decompression-dos"
|
|
426
|
+
]
|
|
427
|
+
},
|
|
428
|
+
"CWE-776": {
|
|
429
|
+
"count": 1,
|
|
430
|
+
"skills": [
|
|
431
|
+
"decompression-dos"
|
|
432
|
+
]
|
|
433
|
+
},
|
|
434
|
+
"CWE-834": {
|
|
435
|
+
"count": 1,
|
|
436
|
+
"skills": [
|
|
437
|
+
"decompression-dos"
|
|
438
|
+
]
|
|
439
|
+
},
|
|
440
|
+
"CWE-117": {
|
|
441
|
+
"count": 1,
|
|
442
|
+
"skills": [
|
|
443
|
+
"log-injection-telemetry"
|
|
444
|
+
]
|
|
445
|
+
},
|
|
446
|
+
"CWE-532": {
|
|
447
|
+
"count": 1,
|
|
448
|
+
"skills": [
|
|
449
|
+
"log-injection-telemetry"
|
|
450
|
+
]
|
|
410
451
|
}
|
|
411
452
|
},
|
|
412
453
|
"d3fend_refs": {
|
|
@@ -592,10 +633,12 @@
|
|
|
592
633
|
},
|
|
593
634
|
"framework_gaps": {
|
|
594
635
|
"NIST-800-53-SI-2": {
|
|
595
|
-
"count":
|
|
636
|
+
"count": 5,
|
|
596
637
|
"skills": [
|
|
597
638
|
"audit-log-integrity",
|
|
639
|
+
"decompression-dos",
|
|
598
640
|
"kernel-lpe-triage",
|
|
641
|
+
"log-injection-telemetry",
|
|
599
642
|
"mail-server-hardening"
|
|
600
643
|
]
|
|
601
644
|
},
|
|
@@ -1000,8 +1043,10 @@
|
|
|
1000
1043
|
]
|
|
1001
1044
|
},
|
|
1002
1045
|
"AU-ISM-1556": {
|
|
1003
|
-
"count":
|
|
1046
|
+
"count": 5,
|
|
1004
1047
|
"skills": [
|
|
1048
|
+
"decompression-dos",
|
|
1049
|
+
"log-injection-telemetry",
|
|
1005
1050
|
"multitenancy-isolation",
|
|
1006
1051
|
"sector-telecom",
|
|
1007
1052
|
"self-update-integrity"
|
|
@@ -1167,9 +1212,11 @@
|
|
|
1167
1212
|
]
|
|
1168
1213
|
},
|
|
1169
1214
|
"NIS2-Art21-network-security": {
|
|
1170
|
-
"count":
|
|
1215
|
+
"count": 7,
|
|
1171
1216
|
"skills": [
|
|
1172
1217
|
"audit-log-integrity",
|
|
1218
|
+
"decompression-dos",
|
|
1219
|
+
"log-injection-telemetry",
|
|
1173
1220
|
"mail-server-hardening",
|
|
1174
1221
|
"multitenancy-isolation",
|
|
1175
1222
|
"network-trust",
|
|
@@ -1183,17 +1230,20 @@
|
|
|
1183
1230
|
]
|
|
1184
1231
|
},
|
|
1185
1232
|
"UK-CAF-B4": {
|
|
1186
|
-
"count":
|
|
1233
|
+
"count": 5,
|
|
1187
1234
|
"skills": [
|
|
1235
|
+
"decompression-dos",
|
|
1236
|
+
"log-injection-telemetry",
|
|
1188
1237
|
"multitenancy-isolation",
|
|
1189
1238
|
"network-trust",
|
|
1190
1239
|
"self-update-integrity"
|
|
1191
1240
|
]
|
|
1192
1241
|
},
|
|
1193
1242
|
"ISO-27001-2022-A.8.15": {
|
|
1194
|
-
"count":
|
|
1243
|
+
"count": 2,
|
|
1195
1244
|
"skills": [
|
|
1196
|
-
"audit-log-integrity"
|
|
1245
|
+
"audit-log-integrity",
|
|
1246
|
+
"log-injection-telemetry"
|
|
1197
1247
|
]
|
|
1198
1248
|
},
|
|
1199
1249
|
"NIST-800-53-SR-11": {
|
|
@@ -1335,10 +1385,11 @@
|
|
|
1335
1385
|
]
|
|
1336
1386
|
},
|
|
1337
1387
|
"T1059": {
|
|
1338
|
-
"count":
|
|
1388
|
+
"count": 6,
|
|
1339
1389
|
"skills": [
|
|
1340
1390
|
"ai-attack-surface",
|
|
1341
1391
|
"attack-surface-pentest",
|
|
1392
|
+
"decompression-dos",
|
|
1342
1393
|
"mcp-agent-trust",
|
|
1343
1394
|
"ransomware-response",
|
|
1344
1395
|
"webapp-security"
|
|
@@ -1436,18 +1487,20 @@
|
|
|
1436
1487
|
]
|
|
1437
1488
|
},
|
|
1438
1489
|
"T1530": {
|
|
1439
|
-
"count":
|
|
1490
|
+
"count": 5,
|
|
1440
1491
|
"skills": [
|
|
1441
1492
|
"cloud-security",
|
|
1442
1493
|
"dlp-gap-analysis",
|
|
1494
|
+
"log-injection-telemetry",
|
|
1443
1495
|
"multitenancy-isolation",
|
|
1444
1496
|
"sector-healthcare"
|
|
1445
1497
|
]
|
|
1446
1498
|
},
|
|
1447
1499
|
"T1213": {
|
|
1448
|
-
"count":
|
|
1500
|
+
"count": 2,
|
|
1449
1501
|
"skills": [
|
|
1450
|
-
"dlp-gap-analysis"
|
|
1502
|
+
"dlp-gap-analysis",
|
|
1503
|
+
"log-injection-telemetry"
|
|
1451
1504
|
]
|
|
1452
1505
|
},
|
|
1453
1506
|
"T1041": {
|
|
@@ -1645,9 +1698,10 @@
|
|
|
1645
1698
|
]
|
|
1646
1699
|
},
|
|
1647
1700
|
"T1565.001": {
|
|
1648
|
-
"count":
|
|
1701
|
+
"count": 2,
|
|
1649
1702
|
"skills": [
|
|
1650
|
-
"audit-log-integrity"
|
|
1703
|
+
"audit-log-integrity",
|
|
1704
|
+
"log-injection-telemetry"
|
|
1651
1705
|
]
|
|
1652
1706
|
},
|
|
1653
1707
|
"T1562.008": {
|
|
@@ -1663,14 +1717,16 @@
|
|
|
1663
1717
|
]
|
|
1664
1718
|
},
|
|
1665
1719
|
"T1499": {
|
|
1666
|
-
"count":
|
|
1720
|
+
"count": 2,
|
|
1667
1721
|
"skills": [
|
|
1722
|
+
"decompression-dos",
|
|
1668
1723
|
"multitenancy-isolation"
|
|
1669
1724
|
]
|
|
1670
1725
|
},
|
|
1671
1726
|
"T1499.001": {
|
|
1672
|
-
"count":
|
|
1727
|
+
"count": 2,
|
|
1673
1728
|
"skills": [
|
|
1729
|
+
"decompression-dos",
|
|
1674
1730
|
"multitenancy-isolation"
|
|
1675
1731
|
]
|
|
1676
1732
|
}
|
|
@@ -1899,12 +1955,13 @@
|
|
|
1899
1955
|
},
|
|
1900
1956
|
{
|
|
1901
1957
|
"id": "CWE-200",
|
|
1902
|
-
"count":
|
|
1958
|
+
"count": 8,
|
|
1903
1959
|
"skills": [
|
|
1904
1960
|
"age-gates-child-safety",
|
|
1905
1961
|
"api-security",
|
|
1906
1962
|
"cloud-security",
|
|
1907
1963
|
"dlp-gap-analysis",
|
|
1964
|
+
"log-injection-telemetry",
|
|
1908
1965
|
"sector-healthcare",
|
|
1909
1966
|
"vc-wallet-trust",
|
|
1910
1967
|
"webapp-security"
|
|
@@ -1936,6 +1993,19 @@
|
|
|
1936
1993
|
"webapp-security"
|
|
1937
1994
|
]
|
|
1938
1995
|
},
|
|
1996
|
+
{
|
|
1997
|
+
"id": "CWE-918",
|
|
1998
|
+
"count": 7,
|
|
1999
|
+
"skills": [
|
|
2000
|
+
"api-security",
|
|
2001
|
+
"attack-surface-pentest",
|
|
2002
|
+
"log-injection-telemetry",
|
|
2003
|
+
"mcp-agent-trust",
|
|
2004
|
+
"network-trust",
|
|
2005
|
+
"sector-telecom",
|
|
2006
|
+
"webapp-security"
|
|
2007
|
+
]
|
|
2008
|
+
},
|
|
1939
2009
|
{
|
|
1940
2010
|
"id": "CWE-1188",
|
|
1941
2011
|
"count": 6,
|
|
@@ -1973,26 +2043,14 @@
|
|
|
1973
2043
|
]
|
|
1974
2044
|
},
|
|
1975
2045
|
{
|
|
1976
|
-
"id": "CWE-
|
|
1977
|
-
"count": 6,
|
|
1978
|
-
"skills": [
|
|
1979
|
-
"attack-surface-pentest",
|
|
1980
|
-
"cloud-iam-incident",
|
|
1981
|
-
"container-runtime-security",
|
|
1982
|
-
"identity-assurance",
|
|
1983
|
-
"idp-incident-response",
|
|
1984
|
-
"webapp-security"
|
|
1985
|
-
]
|
|
1986
|
-
},
|
|
1987
|
-
{
|
|
1988
|
-
"id": "CWE-732",
|
|
2046
|
+
"id": "CWE-22",
|
|
1989
2047
|
"count": 6,
|
|
1990
2048
|
"skills": [
|
|
2049
|
+
"api-security",
|
|
1991
2050
|
"attack-surface-pentest",
|
|
1992
|
-
"
|
|
1993
|
-
"
|
|
1994
|
-
"
|
|
1995
|
-
"identity-assurance",
|
|
2051
|
+
"decompression-dos",
|
|
2052
|
+
"mail-server-hardening",
|
|
2053
|
+
"mcp-agent-trust",
|
|
1996
2054
|
"webapp-security"
|
|
1997
2055
|
]
|
|
1998
2056
|
}
|
|
@@ -2130,6 +2188,19 @@
|
|
|
2130
2188
|
"webapp-security"
|
|
2131
2189
|
]
|
|
2132
2190
|
},
|
|
2191
|
+
{
|
|
2192
|
+
"id": "NIS2-Art21-network-security",
|
|
2193
|
+
"count": 7,
|
|
2194
|
+
"skills": [
|
|
2195
|
+
"audit-log-integrity",
|
|
2196
|
+
"decompression-dos",
|
|
2197
|
+
"log-injection-telemetry",
|
|
2198
|
+
"mail-server-hardening",
|
|
2199
|
+
"multitenancy-isolation",
|
|
2200
|
+
"network-trust",
|
|
2201
|
+
"self-update-integrity"
|
|
2202
|
+
]
|
|
2203
|
+
},
|
|
2133
2204
|
{
|
|
2134
2205
|
"id": "NIST-800-53-AC-2",
|
|
2135
2206
|
"count": 7,
|
|
@@ -2155,6 +2226,17 @@
|
|
|
2155
2226
|
"webapp-security"
|
|
2156
2227
|
]
|
|
2157
2228
|
},
|
|
2229
|
+
{
|
|
2230
|
+
"id": "AU-ISM-1556",
|
|
2231
|
+
"count": 5,
|
|
2232
|
+
"skills": [
|
|
2233
|
+
"decompression-dos",
|
|
2234
|
+
"log-injection-telemetry",
|
|
2235
|
+
"multitenancy-isolation",
|
|
2236
|
+
"sector-telecom",
|
|
2237
|
+
"self-update-integrity"
|
|
2238
|
+
]
|
|
2239
|
+
},
|
|
2158
2240
|
{
|
|
2159
2241
|
"id": "ISO-27001-2022-A.8.30",
|
|
2160
2242
|
"count": 5,
|
|
@@ -2167,14 +2249,14 @@
|
|
|
2167
2249
|
]
|
|
2168
2250
|
},
|
|
2169
2251
|
{
|
|
2170
|
-
"id": "
|
|
2252
|
+
"id": "NIST-800-53-SI-2",
|
|
2171
2253
|
"count": 5,
|
|
2172
2254
|
"skills": [
|
|
2173
2255
|
"audit-log-integrity",
|
|
2174
|
-
"
|
|
2175
|
-
"
|
|
2176
|
-
"
|
|
2177
|
-
"
|
|
2256
|
+
"decompression-dos",
|
|
2257
|
+
"kernel-lpe-triage",
|
|
2258
|
+
"log-injection-telemetry",
|
|
2259
|
+
"mail-server-hardening"
|
|
2178
2260
|
]
|
|
2179
2261
|
},
|
|
2180
2262
|
{
|
|
@@ -2188,6 +2270,17 @@
|
|
|
2188
2270
|
"incident-response-playbook"
|
|
2189
2271
|
]
|
|
2190
2272
|
},
|
|
2273
|
+
{
|
|
2274
|
+
"id": "UK-CAF-B4",
|
|
2275
|
+
"count": 5,
|
|
2276
|
+
"skills": [
|
|
2277
|
+
"decompression-dos",
|
|
2278
|
+
"log-injection-telemetry",
|
|
2279
|
+
"multitenancy-isolation",
|
|
2280
|
+
"network-trust",
|
|
2281
|
+
"self-update-integrity"
|
|
2282
|
+
]
|
|
2283
|
+
},
|
|
2191
2284
|
{
|
|
2192
2285
|
"id": "FedRAMP-Rev5-Moderate",
|
|
2193
2286
|
"count": 4,
|
|
@@ -2197,36 +2290,6 @@
|
|
|
2197
2290
|
"sector-federal-government",
|
|
2198
2291
|
"supply-chain-integrity"
|
|
2199
2292
|
]
|
|
2200
|
-
},
|
|
2201
|
-
{
|
|
2202
|
-
"id": "ISO-27001-2022-A.8.16",
|
|
2203
|
-
"count": 4,
|
|
2204
|
-
"skills": [
|
|
2205
|
-
"ai-c2-detection",
|
|
2206
|
-
"dlp-gap-analysis",
|
|
2207
|
-
"email-security-anti-phishing",
|
|
2208
|
-
"incident-response-playbook"
|
|
2209
|
-
]
|
|
2210
|
-
},
|
|
2211
|
-
{
|
|
2212
|
-
"id": "ISO-IEC-42001-2023-clause-6.1.2",
|
|
2213
|
-
"count": 4,
|
|
2214
|
-
"skills": [
|
|
2215
|
-
"ai-risk-management",
|
|
2216
|
-
"dlp-gap-analysis",
|
|
2217
|
-
"mlops-security",
|
|
2218
|
-
"threat-modeling-methodology"
|
|
2219
|
-
]
|
|
2220
|
-
},
|
|
2221
|
-
{
|
|
2222
|
-
"id": "NIS2-Art21-patch-management",
|
|
2223
|
-
"count": 4,
|
|
2224
|
-
"skills": [
|
|
2225
|
-
"attack-surface-pentest",
|
|
2226
|
-
"kernel-lpe-triage",
|
|
2227
|
-
"ot-ics-security",
|
|
2228
|
-
"sector-energy"
|
|
2229
|
-
]
|
|
2230
2293
|
}
|
|
2231
2294
|
],
|
|
2232
2295
|
"atlas_refs": [
|
|
@@ -2398,15 +2461,27 @@
|
|
|
2398
2461
|
},
|
|
2399
2462
|
{
|
|
2400
2463
|
"id": "T1059",
|
|
2401
|
-
"count":
|
|
2464
|
+
"count": 6,
|
|
2402
2465
|
"skills": [
|
|
2403
2466
|
"ai-attack-surface",
|
|
2404
2467
|
"attack-surface-pentest",
|
|
2468
|
+
"decompression-dos",
|
|
2405
2469
|
"mcp-agent-trust",
|
|
2406
2470
|
"ransomware-response",
|
|
2407
2471
|
"webapp-security"
|
|
2408
2472
|
]
|
|
2409
2473
|
},
|
|
2474
|
+
{
|
|
2475
|
+
"id": "T1530",
|
|
2476
|
+
"count": 5,
|
|
2477
|
+
"skills": [
|
|
2478
|
+
"cloud-security",
|
|
2479
|
+
"dlp-gap-analysis",
|
|
2480
|
+
"log-injection-telemetry",
|
|
2481
|
+
"multitenancy-isolation",
|
|
2482
|
+
"sector-healthcare"
|
|
2483
|
+
]
|
|
2484
|
+
},
|
|
2410
2485
|
{
|
|
2411
2486
|
"id": "T1195.001",
|
|
2412
2487
|
"count": 4,
|
|
@@ -2417,16 +2492,6 @@
|
|
|
2417
2492
|
"supply-chain-integrity"
|
|
2418
2493
|
]
|
|
2419
2494
|
},
|
|
2420
|
-
{
|
|
2421
|
-
"id": "T1530",
|
|
2422
|
-
"count": 4,
|
|
2423
|
-
"skills": [
|
|
2424
|
-
"cloud-security",
|
|
2425
|
-
"dlp-gap-analysis",
|
|
2426
|
-
"multitenancy-isolation",
|
|
2427
|
-
"sector-healthcare"
|
|
2428
|
-
]
|
|
2429
|
-
},
|
|
2430
2495
|
{
|
|
2431
2496
|
"id": "T1556",
|
|
2432
2497
|
"count": 4,
|
|
@@ -2584,14 +2649,19 @@
|
|
|
2584
2649
|
},
|
|
2585
2650
|
"orphan_adjacent": {
|
|
2586
2651
|
"cwe_refs": [
|
|
2652
|
+
"CWE-117",
|
|
2653
|
+
"CWE-1333",
|
|
2587
2654
|
"CWE-20",
|
|
2588
2655
|
"CWE-327",
|
|
2589
2656
|
"CWE-353",
|
|
2657
|
+
"CWE-409",
|
|
2658
|
+
"CWE-532",
|
|
2590
2659
|
"CWE-611",
|
|
2591
2660
|
"CWE-639",
|
|
2592
2661
|
"CWE-668",
|
|
2593
|
-
"CWE-
|
|
2662
|
+
"CWE-776",
|
|
2594
2663
|
"CWE-778",
|
|
2664
|
+
"CWE-834",
|
|
2595
2665
|
"CWE-93"
|
|
2596
2666
|
],
|
|
2597
2667
|
"d3fend_refs": [
|
|
@@ -2617,7 +2687,6 @@
|
|
|
2617
2687
|
"FCC-Cyber-Incident-Notification-2024",
|
|
2618
2688
|
"FedRAMP-IL5-IAM-Federated",
|
|
2619
2689
|
"GSMA-NESAS-Deployment",
|
|
2620
|
-
"ISO-27001-2022-A.8.15",
|
|
2621
2690
|
"ISO-27001-2022-A.8.21",
|
|
2622
2691
|
"ISO-27017-Cloud-IAM",
|
|
2623
2692
|
"ITU-T-X.805",
|
|
@@ -2655,9 +2724,6 @@
|
|
|
2655
2724
|
"T1102",
|
|
2656
2725
|
"T1110",
|
|
2657
2726
|
"T1133",
|
|
2658
|
-
"T1213",
|
|
2659
|
-
"T1499",
|
|
2660
|
-
"T1499.001",
|
|
2661
2727
|
"T1505",
|
|
2662
2728
|
"T1538",
|
|
2663
2729
|
"T1548.001",
|
|
@@ -2666,7 +2732,6 @@
|
|
|
2666
2732
|
"T1552.005",
|
|
2667
2733
|
"T1556.007",
|
|
2668
2734
|
"T1562.008",
|
|
2669
|
-
"T1565.001",
|
|
2670
2735
|
"T1566.001",
|
|
2671
2736
|
"T1566.002",
|
|
2672
2737
|
"T1566.003",
|
|
@@ -2774,7 +2839,6 @@
|
|
|
2774
2839
|
"CWE-521",
|
|
2775
2840
|
"CWE-525",
|
|
2776
2841
|
"CWE-528",
|
|
2777
|
-
"CWE-532",
|
|
2778
2842
|
"CWE-539",
|
|
2779
2843
|
"CWE-540",
|
|
2780
2844
|
"CWE-547",
|
|
@@ -2804,11 +2868,9 @@
|
|
|
2804
2868
|
"CWE-759",
|
|
2805
2869
|
"CWE-760",
|
|
2806
2870
|
"CWE-772",
|
|
2807
|
-
"CWE-776",
|
|
2808
2871
|
"CWE-779",
|
|
2809
2872
|
"CWE-807",
|
|
2810
2873
|
"CWE-822",
|
|
2811
|
-
"CWE-834",
|
|
2812
2874
|
"CWE-835",
|
|
2813
2875
|
"CWE-843",
|
|
2814
2876
|
"CWE-88",
|
|
@@ -12,6 +12,7 @@
|
|
|
12
12
|
"compliance-theater",
|
|
13
13
|
"container-runtime-security",
|
|
14
14
|
"coordinated-vuln-disclosure",
|
|
15
|
+
"decompression-dos",
|
|
15
16
|
"defensive-countermeasure-mapping",
|
|
16
17
|
"dlp-gap-analysis",
|
|
17
18
|
"email-security-anti-phishing",
|
|
@@ -23,6 +24,7 @@
|
|
|
23
24
|
"idp-incident-response",
|
|
24
25
|
"incident-response-playbook",
|
|
25
26
|
"kernel-lpe-triage",
|
|
27
|
+
"log-injection-telemetry",
|
|
26
28
|
"mail-server-hardening",
|
|
27
29
|
"mcp-agent-trust",
|
|
28
30
|
"mlops-security",
|
|
@@ -525,7 +527,9 @@
|
|
|
525
527
|
"network-trust": [],
|
|
526
528
|
"audit-log-integrity": [],
|
|
527
529
|
"self-update-integrity": [],
|
|
528
|
-
"multitenancy-isolation": []
|
|
530
|
+
"multitenancy-isolation": [],
|
|
531
|
+
"decompression-dos": [],
|
|
532
|
+
"log-injection-telemetry": []
|
|
529
533
|
},
|
|
530
534
|
"in_degree": {
|
|
531
535
|
"age-gates-child-safety": 1,
|
|
@@ -540,6 +544,7 @@
|
|
|
540
544
|
"compliance-theater": 30,
|
|
541
545
|
"container-runtime-security": 4,
|
|
542
546
|
"coordinated-vuln-disclosure": 12,
|
|
547
|
+
"decompression-dos": 0,
|
|
543
548
|
"defensive-countermeasure-mapping": 18,
|
|
544
549
|
"dlp-gap-analysis": 15,
|
|
545
550
|
"email-security-anti-phishing": 6,
|
|
@@ -551,6 +556,7 @@
|
|
|
551
556
|
"idp-incident-response": 2,
|
|
552
557
|
"incident-response-playbook": 18,
|
|
553
558
|
"kernel-lpe-triage": 12,
|
|
559
|
+
"log-injection-telemetry": 0,
|
|
554
560
|
"mail-server-hardening": 0,
|
|
555
561
|
"mcp-agent-trust": 22,
|
|
556
562
|
"mlops-security": 6,
|
|
@@ -590,6 +596,7 @@
|
|
|
590
596
|
"compliance-theater": 12,
|
|
591
597
|
"container-runtime-security": 18,
|
|
592
598
|
"coordinated-vuln-disclosure": 12,
|
|
599
|
+
"decompression-dos": 0,
|
|
593
600
|
"defensive-countermeasure-mapping": 6,
|
|
594
601
|
"dlp-gap-analysis": 4,
|
|
595
602
|
"email-security-anti-phishing": 6,
|
|
@@ -601,6 +608,7 @@
|
|
|
601
608
|
"idp-incident-response": 12,
|
|
602
609
|
"incident-response-playbook": 20,
|
|
603
610
|
"kernel-lpe-triage": 6,
|
|
611
|
+
"log-injection-telemetry": 0,
|
|
604
612
|
"mail-server-hardening": 0,
|
|
605
613
|
"mcp-agent-trust": 7,
|
|
606
614
|
"mlops-security": 10,
|
|
@@ -13,6 +13,7 @@
|
|
|
13
13
|
"compliance-theater",
|
|
14
14
|
"container-runtime-security",
|
|
15
15
|
"coordinated-vuln-disclosure",
|
|
16
|
+
"decompression-dos",
|
|
16
17
|
"defensive-countermeasure-mapping",
|
|
17
18
|
"dlp-gap-analysis",
|
|
18
19
|
"email-security-anti-phishing",
|
|
@@ -24,6 +25,7 @@
|
|
|
24
25
|
"idp-incident-response",
|
|
25
26
|
"incident-response-playbook",
|
|
26
27
|
"kernel-lpe-triage",
|
|
28
|
+
"log-injection-telemetry",
|
|
27
29
|
"mail-server-hardening",
|
|
28
30
|
"mcp-agent-trust",
|
|
29
31
|
"mlops-security",
|
|
@@ -51,7 +53,7 @@
|
|
|
51
53
|
"zeroday-gap-learn"
|
|
52
54
|
],
|
|
53
55
|
"example_excerpts": {},
|
|
54
|
-
"skill_count":
|
|
56
|
+
"skill_count": 50
|
|
55
57
|
},
|
|
56
58
|
"UK": {
|
|
57
59
|
"skills": [
|
|
@@ -66,6 +68,7 @@
|
|
|
66
68
|
"compliance-theater",
|
|
67
69
|
"container-runtime-security",
|
|
68
70
|
"coordinated-vuln-disclosure",
|
|
71
|
+
"decompression-dos",
|
|
69
72
|
"defensive-countermeasure-mapping",
|
|
70
73
|
"dlp-gap-analysis",
|
|
71
74
|
"email-security-anti-phishing",
|
|
@@ -77,6 +80,7 @@
|
|
|
77
80
|
"idp-incident-response",
|
|
78
81
|
"incident-response-playbook",
|
|
79
82
|
"kernel-lpe-triage",
|
|
83
|
+
"log-injection-telemetry",
|
|
80
84
|
"mcp-agent-trust",
|
|
81
85
|
"mlops-security",
|
|
82
86
|
"multitenancy-isolation",
|
|
@@ -103,7 +107,7 @@
|
|
|
103
107
|
"zeroday-gap-learn"
|
|
104
108
|
],
|
|
105
109
|
"example_excerpts": {},
|
|
106
|
-
"skill_count":
|
|
110
|
+
"skill_count": 48
|
|
107
111
|
},
|
|
108
112
|
"AU": {
|
|
109
113
|
"skills": [
|
|
@@ -118,6 +122,7 @@
|
|
|
118
122
|
"compliance-theater",
|
|
119
123
|
"container-runtime-security",
|
|
120
124
|
"coordinated-vuln-disclosure",
|
|
125
|
+
"decompression-dos",
|
|
121
126
|
"defensive-countermeasure-mapping",
|
|
122
127
|
"dlp-gap-analysis",
|
|
123
128
|
"email-security-anti-phishing",
|
|
@@ -129,6 +134,7 @@
|
|
|
129
134
|
"idp-incident-response",
|
|
130
135
|
"incident-response-playbook",
|
|
131
136
|
"kernel-lpe-triage",
|
|
137
|
+
"log-injection-telemetry",
|
|
132
138
|
"mcp-agent-trust",
|
|
133
139
|
"mlops-security",
|
|
134
140
|
"multitenancy-isolation",
|
|
@@ -153,7 +159,7 @@
|
|
|
153
159
|
"zeroday-gap-learn"
|
|
154
160
|
],
|
|
155
161
|
"example_excerpts": {},
|
|
156
|
-
"skill_count":
|
|
162
|
+
"skill_count": 46
|
|
157
163
|
},
|
|
158
164
|
"SG": {
|
|
159
165
|
"skills": [
|