@blamejs/exceptd-skills 0.16.22 → 0.16.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (62) hide show
  1. package/ARCHITECTURE.md +2 -2
  2. package/CHANGELOG.md +42 -0
  3. package/CONTEXT.md +9 -9
  4. package/README.md +3 -3
  5. package/agents/report-generator.md +2 -2
  6. package/agents/skill-updater.md +1 -1
  7. package/agents/source-validator.md +3 -4
  8. package/agents/threat-researcher.md +1 -1
  9. package/bin/exceptd.js +91 -32
  10. package/data/_indexes/_meta.json +10 -10
  11. package/data/_indexes/activity-feed.json +12 -12
  12. package/data/_indexes/chains.json +70435 -4026
  13. package/data/_indexes/frequency.json +492 -163
  14. package/data/_indexes/section-offsets.json +51 -51
  15. package/data/_indexes/summary-cards.json +272 -106
  16. package/data/_indexes/token-budget.json +10 -10
  17. package/data/_indexes/trigger-table.json +15 -6
  18. package/data/_indexes/xref.json +218 -26
  19. package/data/cve-catalog.json +10 -10
  20. package/data/cwe-catalog.json +1 -0
  21. package/lib/auto-discovery.js +39 -1
  22. package/lib/collectors/ai-api.js +112 -7
  23. package/lib/collectors/citation-hygiene.js +27 -0
  24. package/lib/collectors/crypto-codebase.js +25 -0
  25. package/lib/collectors/kernel.js +32 -2
  26. package/lib/collectors/library-author.js +30 -0
  27. package/lib/collectors/runtime.js +38 -3
  28. package/lib/collectors/sbom.js +21 -2
  29. package/lib/collectors/scan-excludes.js +4 -1
  30. package/lib/collectors/secrets.js +125 -0
  31. package/lib/cve-cli.js +9 -1
  32. package/lib/cve-curation.js +8 -1
  33. package/lib/cve-regression-watcher.js +5 -2
  34. package/lib/exit-codes.js +2 -0
  35. package/lib/flag-suggest.js +1 -1
  36. package/lib/lint-skills.js +70 -0
  37. package/lib/playbook-runner.js +75 -14
  38. package/lib/prefetch.js +24 -1
  39. package/lib/refresh-external.js +32 -3
  40. package/lib/rfc-cli.js +8 -1
  41. package/lib/scoring.js +36 -8
  42. package/lib/validate-cve-catalog.js +36 -14
  43. package/lib/validate-package.js +8 -0
  44. package/lib/validate-playbooks.js +42 -0
  45. package/lib/verify.js +4 -3
  46. package/manifest-snapshot.json +4 -2
  47. package/manifest-snapshot.sha256 +1 -1
  48. package/manifest.json +57 -54
  49. package/orchestrator/README.md +1 -1
  50. package/orchestrator/index.js +65 -7
  51. package/orchestrator/scanner.js +53 -5
  52. package/package.json +1 -1
  53. package/sbom.cdx.json +110 -110
  54. package/scripts/build-indexes.js +42 -8
  55. package/scripts/builders/cwe-chains.js +1 -0
  56. package/scripts/builders/section-offsets.js +10 -2
  57. package/scripts/builders/token-budget.js +3 -3
  58. package/scripts/check-changelog-extract.js +38 -1
  59. package/scripts/check-sbom-currency.js +72 -0
  60. package/scripts/check-version-tags.js +5 -0
  61. package/scripts/release.js +22 -15
  62. package/skills/exploit-scoring/skill.md +8 -8
package/data/_indexes/frequency.json CHANGED
@@ -135,8 +135,9 @@
135
135
  ]
136
136
  },
137
137
  "CWE-918": {
138
- "count": 7,
138
+ "count": 8,
139
139
  "skills": [
140
+ "ai-c2-detection",
140
141
  "api-security",
141
142
  "attack-surface-pentest",
142
143
  "log-injection-telemetry",
@@ -468,15 +469,29 @@
468
469
  ]
469
470
  },
470
471
  "D3-EAL": {
471
- "count": 7,
472
+ "count": 14,
472
473
  "skills": [
474
+ "ai-attack-surface",
473
475
  "attack-surface-pentest",
476
+ "cloud-security",
477
+ "container-runtime-security",
474
478
  "defensive-countermeasure-mapping",
475
479
  "dlp-gap-analysis",
476
480
  "fuzz-testing-strategy",
477
481
  "kernel-lpe-triage",
478
482
  "mcp-agent-trust",
479
- "supply-chain-integrity"
483
+ "mlops-security",
484
+ "sector-energy",
485
+ "sector-federal-government",
486
+ "supply-chain-integrity",
487
+ "webapp-security"
488
+ ]
489
+ },
490
+ "D3-PA": {
491
+ "count": 2,
492
+ "skills": [
493
+ "defensive-countermeasure-mapping",
494
+ "kernel-lpe-triage"
480
495
  ]
481
496
  },
482
497
  "D3-PHRA": {
@@ -487,80 +502,150 @@
487
502
  ]
488
503
  },
489
504
  "D3-PSEP": {
490
- "count": 3,
505
+ "count": 5,
491
506
  "skills": [
507
+ "container-runtime-security",
492
508
  "defensive-countermeasure-mapping",
493
509
  "fuzz-testing-strategy",
510
+ "kernel-lpe-triage",
511
+ "sector-energy"
512
+ ]
513
+ },
514
+ "D3-SCP": {
515
+ "count": 2,
516
+ "skills": [
517
+ "defensive-countermeasure-mapping",
494
518
  "kernel-lpe-triage"
495
519
  ]
496
520
  },
497
521
  "D3-IOPR": {
498
- "count": 10,
522
+ "count": 21,
499
523
  "skills": [
524
+ "age-gates-child-safety",
500
525
  "ai-attack-surface",
501
526
  "ai-c2-detection",
527
+ "ai-risk-management",
528
+ "api-security",
502
529
  "cloud-iam-incident",
530
+ "cloud-security",
531
+ "container-runtime-security",
503
532
  "defensive-countermeasure-mapping",
504
533
  "dlp-gap-analysis",
534
+ "email-security-anti-phishing",
505
535
  "fuzz-testing-strategy",
506
536
  "idp-incident-response",
537
+ "incident-response-playbook",
538
+ "mlops-security",
507
539
  "rag-pipeline-security",
508
540
  "ransomware-response",
509
- "sector-telecom"
541
+ "sector-financial",
542
+ "sector-healthcare",
543
+ "sector-telecom",
544
+ "webapp-security"
510
545
  ]
511
546
  },
512
547
  "D3-NTA": {
513
- "count": 10,
548
+ "count": 17,
514
549
  "skills": [
515
550
  "ai-attack-surface",
516
551
  "ai-c2-detection",
552
+ "api-security",
517
553
  "attack-surface-pentest",
518
554
  "cloud-iam-incident",
555
+ "cloud-security",
519
556
  "defensive-countermeasure-mapping",
520
557
  "dlp-gap-analysis",
558
+ "email-security-anti-phishing",
521
559
  "idp-incident-response",
560
+ "incident-response-playbook",
522
561
  "rag-pipeline-security",
523
562
  "ransomware-response",
524
- "sector-telecom"
563
+ "sector-energy",
564
+ "sector-financial",
565
+ "sector-telecom",
566
+ "webapp-security"
525
567
  ]
526
568
  },
527
- "D3-CBAN": {
528
- "count": 5,
569
+ "D3-FAPA": {
570
+ "count": 3,
529
571
  "skills": [
530
- "cloud-iam-incident",
572
+ "ai-attack-surface",
531
573
  "defensive-countermeasure-mapping",
532
- "idp-incident-response",
533
- "mcp-agent-trust",
534
- "supply-chain-integrity"
574
+ "rag-pipeline-security"
535
575
  ]
536
576
  },
537
577
  "D3-CSPP": {
538
- "count": 7,
578
+ "count": 15,
539
579
  "skills": [
580
+ "age-gates-child-safety",
581
+ "ai-attack-surface",
540
582
  "ai-c2-detection",
583
+ "api-security",
541
584
  "attack-surface-pentest",
542
585
  "defensive-countermeasure-mapping",
543
586
  "dlp-gap-analysis",
587
+ "email-security-anti-phishing",
588
+ "identity-assurance",
589
+ "incident-response-playbook",
544
590
  "mcp-agent-trust",
545
591
  "rag-pipeline-security",
546
- "ransomware-response"
592
+ "ransomware-response",
593
+ "sector-healthcare",
594
+ "webapp-security"
595
+ ]
596
+ },
597
+ "D3-CAA": {
598
+ "count": 2,
599
+ "skills": [
600
+ "cloud-iam-incident",
601
+ "mcp-agent-trust"
602
+ ]
603
+ },
604
+ "D3-CBAN": {
605
+ "count": 9,
606
+ "skills": [
607
+ "api-security",
608
+ "cloud-iam-incident",
609
+ "cloud-security",
610
+ "defensive-countermeasure-mapping",
611
+ "idp-incident-response",
612
+ "mcp-agent-trust",
613
+ "sector-federal-government",
614
+ "sector-financial",
615
+ "supply-chain-integrity"
547
616
  ]
548
617
  },
549
618
  "D3-EHB": {
550
- "count": 3,
619
+ "count": 6,
551
620
  "skills": [
621
+ "container-runtime-security",
552
622
  "defensive-countermeasure-mapping",
553
623
  "mcp-agent-trust",
624
+ "mlops-security",
625
+ "sector-federal-government",
554
626
  "supply-chain-integrity"
555
627
  ]
556
628
  },
557
629
  "D3-MFA": {
558
- "count": 4,
630
+ "count": 11,
559
631
  "skills": [
632
+ "age-gates-child-safety",
633
+ "api-security",
560
634
  "cloud-iam-incident",
561
635
  "defensive-countermeasure-mapping",
636
+ "email-security-anti-phishing",
637
+ "identity-assurance",
562
638
  "idp-incident-response",
563
- "mcp-agent-trust"
639
+ "mcp-agent-trust",
640
+ "sector-financial",
641
+ "sector-healthcare",
642
+ "webapp-security"
643
+ ]
644
+ },
645
+ "D3-FCR": {
646
+ "count": 1,
647
+ "skills": [
648
+ "rag-pipeline-security"
564
649
  ]
565
650
  },
566
651
  "D3-CA": {
@@ -578,19 +663,24 @@
578
663
  ]
579
664
  },
580
665
  "D3-NI": {
581
- "count": 3,
666
+ "count": 5,
582
667
  "skills": [
583
668
  "ai-c2-detection",
669
+ "container-runtime-security",
584
670
  "defensive-countermeasure-mapping",
671
+ "sector-energy",
585
672
  "sector-telecom"
586
673
  ]
587
674
  },
588
675
  "D3-NTPM": {
589
- "count": 4,
676
+ "count": 7,
590
677
  "skills": [
591
678
  "ai-c2-detection",
679
+ "cloud-security",
680
+ "container-runtime-security",
592
681
  "defensive-countermeasure-mapping",
593
682
  "dlp-gap-analysis",
683
+ "sector-energy",
594
684
  "sector-telecom"
595
685
  ]
596
686
  },
@@ -608,36 +698,13 @@
608
698
  "pqc-first"
609
699
  ]
610
700
  },
611
- "D3-FAPA": {
612
- "count": 1,
613
- "skills": [
614
- "defensive-countermeasure-mapping"
615
- ]
616
- },
617
- "D3-PA": {
618
- "count": 1,
619
- "skills": [
620
- "defensive-countermeasure-mapping"
621
- ]
622
- },
623
701
  "D3-RPA": {
624
- "count": 2,
702
+ "count": 3,
625
703
  "skills": [
626
704
  "defensive-countermeasure-mapping",
705
+ "incident-response-playbook",
627
706
  "ransomware-response"
628
707
  ]
629
- },
630
- "D3-SCP": {
631
- "count": 1,
632
- "skills": [
633
- "defensive-countermeasure-mapping"
634
- ]
635
- },
636
- "D3-CAA": {
637
- "count": 1,
638
- "skills": [
639
- "cloud-iam-incident"
640
- ]
641
708
  }
642
709
  },
643
710
  "framework_gaps": {
@@ -653,11 +720,14 @@
653
720
  ]
654
721
  },
655
722
  "ISO-27001-2022-A.8.8": {
656
- "count": 3,
723
+ "count": 6,
657
724
  "skills": [
725
+ "attack-surface-pentest",
658
726
  "coordinated-vuln-disclosure",
659
727
  "kernel-lpe-triage",
660
- "mail-server-hardening"
728
+ "mail-server-hardening",
729
+ "ot-ics-security",
730
+ "sector-energy"
661
731
  ]
662
732
  },
663
733
  "PCI-DSS-4.0-6.3.3": {
@@ -691,6 +761,23 @@
691
761
  "kernel-lpe-triage"
692
762
  ]
693
763
  },
764
+ "UK-CAF-D1": {
765
+ "count": 5,
766
+ "skills": [
767
+ "coordinated-vuln-disclosure",
768
+ "incident-response-playbook",
769
+ "kernel-lpe-triage",
770
+ "sector-energy",
771
+ "sector-healthcare"
772
+ ]
773
+ },
774
+ "AU-Essential-8-Patch": {
775
+ "count": 2,
776
+ "skills": [
777
+ "coordinated-vuln-disclosure",
778
+ "kernel-lpe-triage"
779
+ ]
780
+ },
694
781
  "ALL-AI-PIPELINE-INTEGRITY": {
695
782
  "count": 2,
696
783
  "skills": [
@@ -767,6 +854,51 @@
767
854
  "sector-financial"
768
855
  ]
769
856
  },
857
+ "EU-AI-Act-Art-15": {
858
+ "count": 5,
859
+ "skills": [
860
+ "ai-attack-surface",
861
+ "ai-risk-management",
862
+ "mcp-agent-trust",
863
+ "mlops-security",
864
+ "rag-pipeline-security"
865
+ ]
866
+ },
867
+ "UK-CAF-A1": {
868
+ "count": 9,
869
+ "skills": [
870
+ "ai-attack-surface",
871
+ "ai-risk-management",
872
+ "attack-surface-pentest",
873
+ "mcp-agent-trust",
874
+ "mlops-security",
875
+ "sector-federal-government",
876
+ "sector-financial",
877
+ "supply-chain-integrity",
878
+ "threat-modeling-methodology"
879
+ ]
880
+ },
881
+ "AU-Essential-8-App-Hardening": {
882
+ "count": 16,
883
+ "skills": [
884
+ "ai-attack-surface",
885
+ "ai-c2-detection",
886
+ "ai-risk-management",
887
+ "api-security",
888
+ "attack-surface-pentest",
889
+ "container-runtime-security",
890
+ "dlp-gap-analysis",
891
+ "email-security-anti-phishing",
892
+ "mcp-agent-trust",
893
+ "mlops-security",
894
+ "ot-ics-security",
895
+ "rag-pipeline-security",
896
+ "sector-federal-government",
897
+ "supply-chain-integrity",
898
+ "threat-modeling-methodology",
899
+ "webapp-security"
900
+ ]
901
+ },
770
902
  "ALL-MCP-TOOL-TRUST": {
771
903
  "count": 1,
772
904
  "skills": [
@@ -864,6 +996,20 @@
864
996
  "rag-pipeline-security"
865
997
  ]
866
998
  },
999
+ "UK-CAF-B2": {
1000
+ "count": 9,
1001
+ "skills": [
1002
+ "age-gates-child-safety",
1003
+ "api-security",
1004
+ "cloud-security",
1005
+ "container-runtime-security",
1006
+ "identity-assurance",
1007
+ "ot-ics-security",
1008
+ "rag-pipeline-security",
1009
+ "vc-wallet-trust",
1010
+ "webapp-security"
1011
+ ]
1012
+ },
867
1013
  "NIST-800-53-SC-7": {
868
1014
  "count": 2,
869
1015
  "skills": [
@@ -890,6 +1036,35 @@
890
1036
  "incident-response-playbook"
891
1037
  ]
892
1038
  },
1039
+ "NIS2-Art21-incident-handling": {
1040
+ "count": 16,
1041
+ "skills": [
1042
+ "age-gates-child-safety",
1043
+ "ai-c2-detection",
1044
+ "api-security",
1045
+ "cloud-security",
1046
+ "container-runtime-security",
1047
+ "coordinated-vuln-disclosure",
1048
+ "dlp-gap-analysis",
1049
+ "email-security-anti-phishing",
1050
+ "identity-assurance",
1051
+ "incident-response-playbook",
1052
+ "sector-federal-government",
1053
+ "sector-financial",
1054
+ "sector-healthcare",
1055
+ "supply-chain-integrity",
1056
+ "threat-modeling-methodology",
1057
+ "webapp-security"
1058
+ ]
1059
+ },
1060
+ "UK-CAF-C1": {
1061
+ "count": 3,
1062
+ "skills": [
1063
+ "ai-c2-detection",
1064
+ "dlp-gap-analysis",
1065
+ "email-security-anti-phishing"
1066
+ ]
1067
+ },
893
1068
  "NIST-800-53-SC-28": {
894
1069
  "count": 2,
895
1070
  "skills": [
@@ -1001,6 +1176,15 @@
1001
1176
  "sector-financial"
1002
1177
  ]
1003
1178
  },
1179
+ "AU-Essential-8-MFA": {
1180
+ "count": 4,
1181
+ "skills": [
1182
+ "age-gates-child-safety",
1183
+ "cloud-security",
1184
+ "identity-assurance",
1185
+ "sector-financial"
1186
+ ]
1187
+ },
1004
1188
  "NIST-800-82r3": {
1005
1189
  "count": 2,
1006
1190
  "skills": [
@@ -1022,6 +1206,14 @@
1022
1206
  "sector-energy"
1023
1207
  ]
1024
1208
  },
1209
+ "AU-Essential-8-Backup": {
1210
+ "count": 3,
1211
+ "skills": [
1212
+ "incident-response-playbook",
1213
+ "sector-energy",
1214
+ "sector-healthcare"
1215
+ ]
1216
+ },
1025
1217
  "FCC-CPNI-4.1": {
1026
1218
  "count": 1,
1027
1219
  "skills": [
@@ -1216,12 +1408,6 @@
1216
1408
  "idp-incident-response"
1217
1409
  ]
1218
1410
  },
1219
- "UK-CAF-B2": {
1220
- "count": 1,
1221
- "skills": [
1222
- "vc-wallet-trust"
1223
- ]
1224
- },
1225
1411
  "NIS2-Art21-network-security": {
1226
1412
  "count": 8,
1227
1413
  "skills": [
@@ -1911,12 +2097,84 @@
1911
2097
  "pqc-first"
1912
2098
  ]
1913
2099
  },
2100
+ "ISO-29147": {
2101
+ "count": 1,
2102
+ "skills": [
2103
+ "coordinated-vuln-disclosure"
2104
+ ]
2105
+ },
2106
+ "ISO-30111": {
2107
+ "count": 1,
2108
+ "skills": [
2109
+ "coordinated-vuln-disclosure"
2110
+ ]
2111
+ },
2112
+ "RFC-9116": {
2113
+ "count": 1,
2114
+ "skills": [
2115
+ "coordinated-vuln-disclosure"
2116
+ ]
2117
+ },
2118
+ "CSAF-2.0": {
2119
+ "count": 1,
2120
+ "skills": [
2121
+ "coordinated-vuln-disclosure"
2122
+ ]
2123
+ },
1914
2124
  "RFC-9622": {
1915
2125
  "count": 1,
1916
2126
  "skills": [
1917
2127
  "sector-telecom"
1918
2128
  ]
1919
2129
  },
2130
+ "RFC-6545": {
2131
+ "count": 1,
2132
+ "skills": [
2133
+ "incident-response-playbook"
2134
+ ]
2135
+ },
2136
+ "RFC-6546": {
2137
+ "count": 1,
2138
+ "skills": [
2139
+ "incident-response-playbook"
2140
+ ]
2141
+ },
2142
+ "RFC-7970": {
2143
+ "count": 1,
2144
+ "skills": [
2145
+ "incident-response-playbook"
2146
+ ]
2147
+ },
2148
+ "RFC-7489": {
2149
+ "count": 1,
2150
+ "skills": [
2151
+ "email-security-anti-phishing"
2152
+ ]
2153
+ },
2154
+ "RFC-6376": {
2155
+ "count": 1,
2156
+ "skills": [
2157
+ "email-security-anti-phishing"
2158
+ ]
2159
+ },
2160
+ "RFC-7208": {
2161
+ "count": 1,
2162
+ "skills": [
2163
+ "email-security-anti-phishing"
2164
+ ]
2165
+ },
2166
+ "RFC-8616": {
2167
+ "count": 1,
2168
+ "skills": [
2169
+ "email-security-anti-phishing"
2170
+ ]
2171
+ },
2172
+ "RFC-8461": {
2173
+ "count": 1,
2174
+ "skills": [
2175
+ "email-security-anti-phishing"
2176
+ ]
2177
+ },
1920
2178
  "RFC-8693": {
1921
2179
  "count": 1,
1922
2180
  "skills": [
@@ -1988,6 +2246,20 @@
1988
2246
  "webapp-security"
1989
2247
  ]
1990
2248
  },
2249
+ {
2250
+ "id": "CWE-918",
2251
+ "count": 8,
2252
+ "skills": [
2253
+ "ai-c2-detection",
2254
+ "api-security",
2255
+ "attack-surface-pentest",
2256
+ "log-injection-telemetry",
2257
+ "mcp-agent-trust",
2258
+ "network-trust",
2259
+ "sector-telecom",
2260
+ "webapp-security"
2261
+ ]
2262
+ },
1991
2263
  {
1992
2264
  "id": "CWE-798",
1993
2265
  "count": 7,
@@ -2014,19 +2286,6 @@
2014
2286
  "webapp-security"
2015
2287
  ]
2016
2288
  },
2017
- {
2018
- "id": "CWE-918",
2019
- "count": 7,
2020
- "skills": [
2021
- "api-security",
2022
- "attack-surface-pentest",
2023
- "log-injection-telemetry",
2024
- "mcp-agent-trust",
2025
- "network-trust",
2026
- "sector-telecom",
2027
- "webapp-security"
2028
- ]
2029
- },
2030
2289
  {
2031
2290
  "id": "CWE-1188",
2032
2291
  "count": 6,
@@ -2079,122 +2338,250 @@
2079
2338
  "d3fend_refs": [
2080
2339
  {
2081
2340
  "id": "D3-IOPR",
2082
- "count": 10,
2341
+ "count": 21,
2083
2342
  "skills": [
2343
+ "age-gates-child-safety",
2084
2344
  "ai-attack-surface",
2085
2345
  "ai-c2-detection",
2346
+ "ai-risk-management",
2347
+ "api-security",
2086
2348
  "cloud-iam-incident",
2349
+ "cloud-security",
2350
+ "container-runtime-security",
2087
2351
  "defensive-countermeasure-mapping",
2088
2352
  "dlp-gap-analysis",
2353
+ "email-security-anti-phishing",
2089
2354
  "fuzz-testing-strategy",
2090
2355
  "idp-incident-response",
2356
+ "incident-response-playbook",
2357
+ "mlops-security",
2091
2358
  "rag-pipeline-security",
2092
2359
  "ransomware-response",
2093
- "sector-telecom"
2360
+ "sector-financial",
2361
+ "sector-healthcare",
2362
+ "sector-telecom",
2363
+ "webapp-security"
2094
2364
  ]
2095
2365
  },
2096
2366
  {
2097
2367
  "id": "D3-NTA",
2098
- "count": 10,
2368
+ "count": 17,
2099
2369
  "skills": [
2100
2370
  "ai-attack-surface",
2101
2371
  "ai-c2-detection",
2372
+ "api-security",
2102
2373
  "attack-surface-pentest",
2103
2374
  "cloud-iam-incident",
2375
+ "cloud-security",
2104
2376
  "defensive-countermeasure-mapping",
2105
2377
  "dlp-gap-analysis",
2378
+ "email-security-anti-phishing",
2106
2379
  "idp-incident-response",
2380
+ "incident-response-playbook",
2107
2381
  "rag-pipeline-security",
2108
2382
  "ransomware-response",
2109
- "sector-telecom"
2383
+ "sector-energy",
2384
+ "sector-financial",
2385
+ "sector-telecom",
2386
+ "webapp-security"
2110
2387
  ]
2111
2388
  },
2112
2389
  {
2113
2390
  "id": "D3-CSPP",
2114
- "count": 7,
2391
+ "count": 15,
2115
2392
  "skills": [
2393
+ "age-gates-child-safety",
2394
+ "ai-attack-surface",
2116
2395
  "ai-c2-detection",
2396
+ "api-security",
2117
2397
  "attack-surface-pentest",
2118
2398
  "defensive-countermeasure-mapping",
2119
2399
  "dlp-gap-analysis",
2400
+ "email-security-anti-phishing",
2401
+ "identity-assurance",
2402
+ "incident-response-playbook",
2120
2403
  "mcp-agent-trust",
2121
2404
  "rag-pipeline-security",
2122
- "ransomware-response"
2405
+ "ransomware-response",
2406
+ "sector-healthcare",
2407
+ "webapp-security"
2123
2408
  ]
2124
2409
  },
2125
2410
  {
2126
2411
  "id": "D3-EAL",
2127
- "count": 7,
2412
+ "count": 14,
2128
2413
  "skills": [
2414
+ "ai-attack-surface",
2129
2415
  "attack-surface-pentest",
2416
+ "cloud-security",
2417
+ "container-runtime-security",
2130
2418
  "defensive-countermeasure-mapping",
2131
2419
  "dlp-gap-analysis",
2132
2420
  "fuzz-testing-strategy",
2133
2421
  "kernel-lpe-triage",
2134
2422
  "mcp-agent-trust",
2135
- "supply-chain-integrity"
2423
+ "mlops-security",
2424
+ "sector-energy",
2425
+ "sector-federal-government",
2426
+ "supply-chain-integrity",
2427
+ "webapp-security"
2136
2428
  ]
2137
2429
  },
2138
2430
  {
2139
- "id": "D3-CBAN",
2140
- "count": 5,
2431
+ "id": "D3-MFA",
2432
+ "count": 11,
2141
2433
  "skills": [
2434
+ "age-gates-child-safety",
2435
+ "api-security",
2142
2436
  "cloud-iam-incident",
2143
2437
  "defensive-countermeasure-mapping",
2438
+ "email-security-anti-phishing",
2439
+ "identity-assurance",
2144
2440
  "idp-incident-response",
2145
2441
  "mcp-agent-trust",
2146
- "supply-chain-integrity"
2442
+ "sector-financial",
2443
+ "sector-healthcare",
2444
+ "webapp-security"
2147
2445
  ]
2148
2446
  },
2149
2447
  {
2150
- "id": "D3-MFA",
2151
- "count": 4,
2448
+ "id": "D3-CBAN",
2449
+ "count": 9,
2152
2450
  "skills": [
2451
+ "api-security",
2153
2452
  "cloud-iam-incident",
2453
+ "cloud-security",
2154
2454
  "defensive-countermeasure-mapping",
2155
2455
  "idp-incident-response",
2156
- "mcp-agent-trust"
2456
+ "mcp-agent-trust",
2457
+ "sector-federal-government",
2458
+ "sector-financial",
2459
+ "supply-chain-integrity"
2157
2460
  ]
2158
2461
  },
2159
2462
  {
2160
2463
  "id": "D3-NTPM",
2161
- "count": 4,
2464
+ "count": 7,
2162
2465
  "skills": [
2163
2466
  "ai-c2-detection",
2467
+ "cloud-security",
2468
+ "container-runtime-security",
2164
2469
  "defensive-countermeasure-mapping",
2165
2470
  "dlp-gap-analysis",
2471
+ "sector-energy",
2166
2472
  "sector-telecom"
2167
2473
  ]
2168
2474
  },
2169
2475
  {
2170
2476
  "id": "D3-EHB",
2171
- "count": 3,
2477
+ "count": 6,
2172
2478
  "skills": [
2479
+ "container-runtime-security",
2173
2480
  "defensive-countermeasure-mapping",
2174
2481
  "mcp-agent-trust",
2482
+ "mlops-security",
2483
+ "sector-federal-government",
2175
2484
  "supply-chain-integrity"
2176
2485
  ]
2177
2486
  },
2178
2487
  {
2179
2488
  "id": "D3-NI",
2180
- "count": 3,
2489
+ "count": 5,
2181
2490
  "skills": [
2182
2491
  "ai-c2-detection",
2492
+ "container-runtime-security",
2183
2493
  "defensive-countermeasure-mapping",
2494
+ "sector-energy",
2184
2495
  "sector-telecom"
2185
2496
  ]
2186
2497
  },
2187
2498
  {
2188
2499
  "id": "D3-PSEP",
2189
- "count": 3,
2500
+ "count": 5,
2190
2501
  "skills": [
2502
+ "container-runtime-security",
2191
2503
  "defensive-countermeasure-mapping",
2192
2504
  "fuzz-testing-strategy",
2193
- "kernel-lpe-triage"
2505
+ "kernel-lpe-triage",
2506
+ "sector-energy"
2194
2507
  ]
2195
2508
  }
2196
2509
  ],
2197
2510
  "framework_gaps": [
2511
+ {
2512
+ "id": "AU-Essential-8-App-Hardening",
2513
+ "count": 16,
2514
+ "skills": [
2515
+ "ai-attack-surface",
2516
+ "ai-c2-detection",
2517
+ "ai-risk-management",
2518
+ "api-security",
2519
+ "attack-surface-pentest",
2520
+ "container-runtime-security",
2521
+ "dlp-gap-analysis",
2522
+ "email-security-anti-phishing",
2523
+ "mcp-agent-trust",
2524
+ "mlops-security",
2525
+ "ot-ics-security",
2526
+ "rag-pipeline-security",
2527
+ "sector-federal-government",
2528
+ "supply-chain-integrity",
2529
+ "threat-modeling-methodology",
2530
+ "webapp-security"
2531
+ ]
2532
+ },
2533
+ {
2534
+ "id": "NIS2-Art21-incident-handling",
2535
+ "count": 16,
2536
+ "skills": [
2537
+ "age-gates-child-safety",
2538
+ "ai-c2-detection",
2539
+ "api-security",
2540
+ "cloud-security",
2541
+ "container-runtime-security",
2542
+ "coordinated-vuln-disclosure",
2543
+ "dlp-gap-analysis",
2544
+ "email-security-anti-phishing",
2545
+ "identity-assurance",
2546
+ "incident-response-playbook",
2547
+ "sector-federal-government",
2548
+ "sector-financial",
2549
+ "sector-healthcare",
2550
+ "supply-chain-integrity",
2551
+ "threat-modeling-methodology",
2552
+ "webapp-security"
2553
+ ]
2554
+ },
2555
+ {
2556
+ "id": "UK-CAF-A1",
2557
+ "count": 9,
2558
+ "skills": [
2559
+ "ai-attack-surface",
2560
+ "ai-risk-management",
2561
+ "attack-surface-pentest",
2562
+ "mcp-agent-trust",
2563
+ "mlops-security",
2564
+ "sector-federal-government",
2565
+ "sector-financial",
2566
+ "supply-chain-integrity",
2567
+ "threat-modeling-methodology"
2568
+ ]
2569
+ },
2570
+ {
2571
+ "id": "UK-CAF-B2",
2572
+ "count": 9,
2573
+ "skills": [
2574
+ "age-gates-child-safety",
2575
+ "api-security",
2576
+ "cloud-security",
2577
+ "container-runtime-security",
2578
+ "identity-assurance",
2579
+ "ot-ics-security",
2580
+ "rag-pipeline-security",
2581
+ "vc-wallet-trust",
2582
+ "webapp-security"
2583
+ ]
2584
+ },
2198
2585
  {
2199
2586
  "id": "NIS2-Art21-network-security",
2200
2587
  "count": 8,
@@ -2261,59 +2648,15 @@
2261
2648
  ]
2262
2649
  },
2263
2650
  {
2264
- "id": "NIST-800-53-SI-2",
2651
+ "id": "ISO-27001-2022-A.8.8",
2265
2652
  "count": 6,
2266
2653
  "skills": [
2267
- "audit-log-integrity",
2268
- "decompression-dos",
2654
+ "attack-surface-pentest",
2655
+ "coordinated-vuln-disclosure",
2269
2656
  "kernel-lpe-triage",
2270
- "log-injection-telemetry",
2271
2657
  "mail-server-hardening",
2272
- "privacy-consent-ops"
2273
- ]
2274
- },
2275
- {
2276
- "id": "UK-CAF-B4",
2277
- "count": 6,
2278
- "skills": [
2279
- "decompression-dos",
2280
- "log-injection-telemetry",
2281
- "multitenancy-isolation",
2282
- "network-trust",
2283
- "privacy-consent-ops",
2284
- "self-update-integrity"
2285
- ]
2286
- },
2287
- {
2288
- "id": "ISO-27001-2022-A.8.30",
2289
- "count": 5,
2290
- "skills": [
2291
- "age-gates-child-safety",
2292
- "cloud-security",
2293
- "identity-assurance",
2294
- "mcp-agent-trust",
2295
- "sector-healthcare"
2296
- ]
2297
- },
2298
- {
2299
- "id": "SOC2-CC7-anomaly-detection",
2300
- "count": 5,
2301
- "skills": [
2302
- "ai-c2-detection",
2303
- "audit-log-integrity",
2304
- "dlp-gap-analysis",
2305
- "email-security-anti-phishing",
2306
- "incident-response-playbook"
2307
- ]
2308
- },
2309
- {
2310
- "id": "FedRAMP-Rev5-Moderate",
2311
- "count": 4,
2312
- "skills": [
2313
- "cloud-security",
2314
- "compliance-theater",
2315
- "sector-federal-government",
2316
- "supply-chain-integrity"
2658
+ "ot-ics-security",
2659
+ "sector-energy"
2317
2660
  ]
2318
2661
  }
2319
2662
  ],
@@ -2691,10 +3034,7 @@
2691
3034
  "CWE-93"
2692
3035
  ],
2693
3036
  "d3fend_refs": [
2694
- "D3-CAA",
2695
- "D3-FAPA",
2696
- "D3-PA",
2697
- "D3-SCP"
3037
+ "D3-FCR"
2698
3038
  ],
2699
3039
  "framework_gaps": [
2700
3040
  "3GPP-TR-33.926",
@@ -2733,7 +3073,6 @@
2733
3073
  "SOC2-CC6-Access-Key-Leak-Public-Repo",
2734
3074
  "SOC2-CC6-OAuth-Consent",
2735
3075
  "SPDX-v3.0-SBOM",
2736
- "UK-CAF-B2",
2737
3076
  "UK-CAF-B2-Cloud-IAM",
2738
3077
  "UK-CAF-B2-IdP-Tenant",
2739
3078
  "UK-CAF-B5",
@@ -2770,16 +3109,28 @@
2770
3109
  "T1611"
2771
3110
  ],
2772
3111
  "rfc_refs": [
3112
+ "CSAF-2.0",
2773
3113
  "DRAFT-IETF-TLS-ECDHE-MLKEM",
2774
3114
  "DRAFT-IETF-TLS-HYBRID-DESIGN",
3115
+ "ISO-29147",
3116
+ "ISO-30111",
2775
3117
  "RFC-4301",
2776
3118
  "RFC-4303",
3119
+ "RFC-6376",
3120
+ "RFC-6545",
3121
+ "RFC-6546",
3122
+ "RFC-7208",
2777
3123
  "RFC-7296",
3124
+ "RFC-7489",
2778
3125
  "RFC-7591",
3126
+ "RFC-7970",
3127
+ "RFC-8461",
3128
+ "RFC-8616",
2779
3129
  "RFC-8693",
2780
3130
  "RFC-9000",
2781
3131
  "RFC-9068",
2782
3132
  "RFC-9106",
3133
+ "RFC-9116",
2783
3134
  "RFC-9420",
2784
3135
  "RFC-9622",
2785
3136
  "RFC-9794"
@@ -3170,7 +3521,6 @@
3170
3521
  "D3-FCA",
3171
3522
  "D3-FCDC",
3172
3523
  "D3-FCOA",
3173
- "D3-FCR",
3174
3524
  "D3-FEMC",
3175
3525
  "D3-FEV",
3176
3526
  "D3-FFV",
@@ -3526,10 +3876,6 @@
3526
3876
  ],
3527
3877
  "framework_gaps": [
3528
3878
  "ATLAS-AML.T0048",
3529
- "AU-Essential-8-App-Hardening",
3530
- "AU-Essential-8-Backup",
3531
- "AU-Essential-8-MFA",
3532
- "AU-Essential-8-Patch",
3533
3879
  "AU-ISM-1546",
3534
3880
  "AU-ISM-1808",
3535
3881
  "CIS-Controls-v8-10.1",
@@ -3548,7 +3894,6 @@
3548
3894
  "ENISA-IoT-security-baseline",
3549
3895
  "ENISA-mobile-secure-baseline",
3550
3896
  "EU-AI-Act-Annex-IX-Conformity",
3551
- "EU-AI-Act-Art-15",
3552
3897
  "EU-AI-Act-Art-53-GPAI",
3553
3898
  "EU-AI-Act-Art-55-Systemic",
3554
3899
  "EU-AI-Act-Art10",
@@ -3580,7 +3925,6 @@
3580
3925
  "NIS2-Art21-availability",
3581
3926
  "NIS2-Art21-business-continuity",
3582
3927
  "NIS2-Art21-identity-management",
3583
- "NIS2-Art21-incident-handling",
3584
3928
  "NIS2-Art21-supply-chain",
3585
3929
  "NIS2-Art21-vulnerability-handling",
3586
3930
  "NIS2-Art21-vulnerability-management",
@@ -3628,15 +3972,9 @@
3628
3972
  "PCI-DSS-4.0.1-12.3.3",
3629
3973
  "PCI-DSS-4.0.1-6.4.3",
3630
3974
  "SLSA-3",
3631
- "SLSA-v1.0-Source-L3",
3632
- "UK-CAF-A1",
3633
- "UK-CAF-C1",
3634
- "UK-CAF-D1"
3975
+ "SLSA-v1.0-Source-L3"
3635
3976
  ],
3636
3977
  "rfc_refs": [
3637
- "CSAF-2.0",
3638
- "ISO-29147",
3639
- "ISO-30111",
3640
3978
  "RFC-1001",
3641
3979
  "RFC-1002",
3642
3980
  "RFC-1004",
@@ -8858,7 +9196,6 @@
8858
9196
  "RFC-6373",
8859
9197
  "RFC-6374",
8860
9198
  "RFC-6375",
8861
- "RFC-6376",
8862
9199
  "RFC-6377",
8863
9200
  "RFC-6378",
8864
9201
  "RFC-6379",
@@ -9024,8 +9361,6 @@
9024
9361
  "RFC-6542",
9025
9362
  "RFC-6543",
9026
9363
  "RFC-6544",
9027
- "RFC-6545",
9028
- "RFC-6546",
9029
9364
  "RFC-6547",
9030
9365
  "RFC-6548",
9031
9366
  "RFC-6549",
@@ -9681,7 +10016,6 @@
9681
10016
  "RFC-7205",
9682
10017
  "RFC-7206",
9683
10018
  "RFC-7207",
9684
- "RFC-7208",
9685
10019
  "RFC-7209",
9686
10020
  "RFC-721",
9687
10021
  "RFC-7210",
@@ -9968,7 +10302,6 @@
9968
10302
  "RFC-7486",
9969
10303
  "RFC-7487",
9970
10304
  "RFC-7488",
9971
- "RFC-7489",
9972
10305
  "RFC-749",
9973
10306
  "RFC-7490",
9974
10307
  "RFC-7491",
@@ -10465,7 +10798,6 @@
10465
10798
  "RFC-7967",
10466
10799
  "RFC-7968",
10467
10800
  "RFC-7969",
10468
- "RFC-7970",
10469
10801
  "RFC-7971",
10470
10802
  "RFC-7972",
10471
10803
  "RFC-7973",
@@ -10966,7 +11298,6 @@
10966
11298
  "RFC-8458",
10967
11299
  "RFC-8459",
10968
11300
  "RFC-8460",
10969
- "RFC-8461",
10970
11301
  "RFC-8462",
10971
11302
  "RFC-8463",
10972
11303
  "RFC-8464",
@@ -11125,7 +11456,6 @@
11125
11456
  "RFC-8613",
11126
11457
  "RFC-8614",
11127
11458
  "RFC-8615",
11128
- "RFC-8616",
11129
11459
  "RFC-8617",
11130
11460
  "RFC-8618",
11131
11461
  "RFC-8619",
@@ -11639,7 +11969,6 @@
11639
11969
  "RFC-9112",
11640
11970
  "RFC-9113",
11641
11971
  "RFC-9115",
11642
- "RFC-9116",
11643
11972
  "RFC-9117",
11644
11973
  "RFC-9118",
11645
11974
  "RFC-9119",