EpssVulnAssessmentRelationship
Summary
Provides an EPSS assessment for a vulnerability.
Description
An EpssVulnAssessmentRelationship describes the probability that a vulnerability will be exploited in the wild, together with the percentile rank of that probability relative to the EPSS scores of all other vulnerabilities. Both values use the Exploit Prediction Scoring System (EPSS) as defined at The EPSS Model.
Constraints
- The relationship type must be set to hasAssessmentFor.
- The probability must be between 0 and 1.
- The percentile must be between 0 and 1.
Example
```json
{
  "type": "EpssVulnAssessmentRelationship",
  "spdxId": "urn:spdx.dev:epss-CVE-2020-28498",
  "relationshipType": "hasAssessmentFor",
  "security_probability": "0.00105",
  "security_percentile": "0.42356",
  "from": "urn:spdx.dev:vuln-cve-2020-28498",
  "to": ["urn:product-acme-application-1.3"],
  "suppliedBy": ["urn:spdx.dev:agent-jane-doe"],
  "publishedTime": "2023-10-05T00:00:30Z"
}
```
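A consumer ingesting these elements can enforce the three constraints above before trusting the scores. The following validator is an added example, not part of the SPDX specification or its tooling; the function name `check_epss_assessment` is hypothetical, the key names follow the JSON example above, and the "bad" input is constructed.

```python
import json
from decimal import Decimal, InvalidOperation

# Keys as serialized in the page's JSON example.
PROB, PCT = "security_probability", "security_percentile"

def check_epss_assessment(elem):
    """Return a list of constraint violations (empty list means valid)."""
    if elem.get("type") != "EpssVulnAssessmentRelationship":
        return ["not an EpssVulnAssessmentRelationship"]
    errors = []
    if elem.get("relationshipType") != "hasAssessmentFor":
        errors.append("relationshipType must be hasAssessmentFor")
    for key in (PROB, PCT):
        try:
            # Parse via str() so floats and strings take the same exact path.
            value = Decimal(str(elem.get(key)))
        except InvalidOperation:
            errors.append(f"{key} missing or not a decimal")
            continue
        # NaN and Infinity parse as Decimal but are not in [0, 1].
        if not value.is_finite() or not 0 <= value <= 1:
            errors.append(f"{key} must be between 0 and 1")
    for key in ("from", "to", "publishedTime"):  # minCount 1 on this page
        if not elem.get(key):
            errors.append(f"{key} is required")
    return errors

# The page's example element.
GOOD = json.loads("""{
  "type": "EpssVulnAssessmentRelationship",
  "spdxId": "urn:spdx.dev:epss-CVE-2020-28498",
  "relationshipType": "hasAssessmentFor",
  "security_probability": "0.00105",
  "security_percentile": "0.42356",
  "from": "urn:spdx.dev:vuln-cve-2020-28498",
  "to": ["urn:product-acme-application-1.3"],
  "publishedTime": "2023-10-05T00:00:30Z"
}""")
# Constructed bad copy: wrong relationship type, score on a 0-100 scale,
# empty target list, and no publishedTime.
BAD = dict(GOOD, relationshipType="affects", security_probability="42.356", to=[])
BAD.pop("publishedTime")

if __name__ == "__main__":
    for label, elem in (("good", GOOD), ("bad", BAD)):
        print(label, check_epss_assessment(elem))
```

The range check catches a common ingestion mistake, a score reported on a 0 to 100 scale, which would otherwise rank a low-risk vulnerability above every real one.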
Metadata
https://spdx.org/rdf/3.0.1/terms/Security/EpssVulnAssessmentRelationship
| Name | EpssVulnAssessmentRelationship |
| Instantiability | Concrete |
| SubclassOf | VulnAssessmentRelationship |
Class hierarchy
- /Core/Element
  - /Core/Relationship
    - /Security/VulnAssessmentRelationship
      - /Security/EpssVulnAssessmentRelationship
Properties
| Property | Type | minCount | maxCount |
|---|---|---|---|
| percentile | xsd:decimal | 1 | 1 |
| probability | xsd:decimal | 1 | 1 |
External properties cardinality updates
| Property | minCount | maxCount |
|---|---|---|
| publishedTime from /Security/VulnAssessmentRelationship | 1 | |
All properties
| Property | Type | minCount | maxCount |
|---|---|---|---|
| assessedElement | SoftwareArtifact | 0 | 1 |
| comment | xsd:string | 0 | 1 |
| completeness | RelationshipCompleteness | 0 | 1 |
| creationInfo | CreationInfo | 1 | 1 |
| description | xsd:string | 0 | 1 |
| endTime | DateTime | 0 | 1 |
| extension | Extension | 0 | * |
| externalIdentifier | ExternalIdentifier | 0 | * |
| externalRef | ExternalRef | 0 | * |
| from | Element | 1 | 1 |
| modifiedTime | DateTime | 0 | 1 |
| name | xsd:string | 0 | 1 |
| percentile | xsd:decimal | 1 | 1 |
| probability | xsd:decimal | 1 | 1 |
| publishedTime | DateTime | 1 | 1 |
| relationshipType | RelationshipType | 1 | 1 |
| spdxId | xsd:anyURI | 1 | 1 |
| startTime | DateTime | 0 | 1 |
| summary | xsd:string | 0 | 1 |
| suppliedBy | Agent | 0 | 1 |
| to | Element | 1 | * |
| verifiedUsing | IntegrityMethod | 0 | * |
| withdrawnTime | DateTime | 0 | 1 |