EpssVulnAssessmentRelationship

Summary

Provides an EPSS assessment for a vulnerability.

Description

An EpssVulnAssessmentRelationship describes the likelihood or probability that a vulnerability will be exploited in the wild, together with the percentile rank of that probability relative to all other vulnerabilities' EPSS scores, using the Exploit Prediction Scoring System (EPSS) as defined in The EPSS Model.

Constraints

  • The relationship type must be set to hasAssessmentFor.
  • The probability must be between 0 and 1.
  • The percentile must be between 0 and 1.

Example

{
  "type": "EpssVulnAssessmentRelationship",
  "spdxId": "urn:spdx.dev:epss-CVE-2020-28498",
  "relationshipType": "hasAssessmentFor",
  "security_probability": "0.00105",
  "security_percentile": "0.42356",
  "from": "urn:spdx.dev:vuln-cve-2020-28498",
  "to": ["urn:product-acme-application-1.3"],
  "suppliedBy": ["urn:spdx.dev:agent-jane-doe"],
  "publishedTime": "2023-10-05T00:00:30Z"
}
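
One way to check the constraints above, plus the cardinalities this class sets for publishedTime, from and to, against a serialized element. This is an added example, not part of the SPDX specification or its tooling. The function names are hypothetical, the security_-prefixed keys follow the example above, and the timestamp format is assumed from that example.

```python
import json
from datetime import datetime
from decimal import Decimal, InvalidOperation

# The element from this page's Example section, embedded so the check runs offline.
SAMPLE = json.loads("""{
  "type": "EpssVulnAssessmentRelationship",
  "spdxId": "urn:spdx.dev:epss-CVE-2020-28498",
  "relationshipType": "hasAssessmentFor",
  "security_probability": "0.00105",
  "security_percentile": "0.42356",
  "from": "urn:spdx.dev:vuln-cve-2020-28498",
  "to": ["urn:product-acme-application-1.3"],
  "suppliedBy": ["urn:spdx.dev:agent-jane-doe"],
  "publishedTime": "2023-10-05T00:00:30Z"
}""")

def _check_unit_interval(elem, key, errors):
    """Require a finite decimal value with 0 <= value <= 1."""
    raw = elem.get(key)
    try:
        if isinstance(raw, bool) or not isinstance(raw, (str, int, float)):
            raise InvalidOperation
        value = Decimal(str(raw))
    except InvalidOperation:
        errors.append(f"{key}: missing or not a decimal")
        return
    # NaN and Infinity parse as Decimal but are not valid scores.
    if not value.is_finite() or not (0 <= value <= 1):
        errors.append(f"{key}: {raw!r} is not between 0 and 1")

def validate_epss(elem):
    """Return a list of violations; an empty list means every check passed."""
    errors = []
    if elem.get("relationshipType") != "hasAssessmentFor":
        errors.append("relationshipType: must be hasAssessmentFor")
    _check_unit_interval(elem, "security_probability", errors)
    _check_unit_interval(elem, "security_percentile", errors)
    try:  # publishedTime has minCount 1 here; format assumed from the example
        datetime.strptime(elem.get("publishedTime"), "%Y-%m-%dT%H:%M:%SZ")
    except (TypeError, ValueError):
        errors.append("publishedTime: missing or not a UTC timestamp")
    if not isinstance(elem.get("from"), str):  # from: exactly one
        errors.append("from: exactly one element is required")
    to = elem.get("to")
    if not isinstance(to, list) or not to:  # to: one or more
        errors.append("to: at least one element is required")
    return errors

if __name__ == "__main__":
    print(validate_epss(SAMPLE) or "valid")
```

Rejecting out-of-range or non-finite scores at ingestion keeps a malformed assessment from skewing any prioritization that sorts on probability or percentile.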

Metadata

https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship

Name EpssVulnAssessmentRelationship
Instantiability Concrete
SubclassOf VulnAssessmentRelationship

Superclasses

/Core/Element
       /Core/Relationship
             /Security/VulnAssessmentRelationship
                   /Security/EpssVulnAssessmentRelationship

Properties

Property Type minCount maxCount
percentile xsd:decimal 1 1
probability xsd:decimal 1 1

External properties cardinality updates

Property                                                 minCount  maxCount
publishedTime from /Security/VulnAssessmentRelationship  1

All properties

Property Type minCount maxCount
assessedElement Element 0 1
comment xsd:string 0 1
completeness RelationshipCompleteness 0 1
creationInfo CreationInfo 1 1
description xsd:string 0 1
endTime DateTime 0 1
extension Extension 0 *
externalIdentifier ExternalIdentifier 0 *
externalRef ExternalRef 0 *
from Element 1 1
modifiedTime DateTime 0 1
name xsd:string 0 1
percentile xsd:decimal 1 1
probability xsd:decimal 1 1
publishedTime DateTime 1 1
relationshipType RelationshipType 1 1
spdxId xsd:anyURI 1 1
startTime DateTime 0 1
summary xsd:string 0 1
suppliedBy Agent 0 1
to Element 1 *
verifiedUsing IntegrityMethod 0 *
withdrawnTime DateTime 0 1