Semantic web ecosystem based on CVE (NVD, CPE), CWE and CAPEC
DOI:
https://doi.org/10.60063/gsu.fmi.108.29-45Keywords:
CAPEC, CPE, CVE, CWE, cybersecurity, NVD, semantic webAbstract
CVE (NVD, CPE), CWE and CAPEC are databases in the Cybersecurity area sponsored and maintained by the US government. These are lists (databases) organized in taxonomies where it is appropriate. They contain information about known vulnerabilities, weaknesses and attacks. CVE (NVD, CPE), CWE and CAPEC are the corner stone in many cybersecurity tools.
The usage of traditional database systems for the tasks in the cybersecurity require extended knowledge and skills in querying for identification of vulnerabilities, weaknesses and attacks. CVE (NVD, CPE), CWE and CAPEC contain hidden facts and relationships (knowledge) buried in the data. This knowledge can be effectively accessed by the Semantic web tools.
The paper presents an approach for transition to the Semantic web of above-mentioned databases. The approach is presented in illustrative way. This means without duplication with information about the contents available for CVE (NVD, CPE), CWE and CAPEC.