EpssVulnAssessmentRelationship
Summary
Provides an EPSS assessment for a vulnerability.
Description
An EpssVulnAssessmentRelationship describes the likelihood or probability that a vulnerability will be exploited in the wild, together with the percentile ranking of that probability relative to all other vulnerabilities' EPSS scores, using the Exploit Prediction Scoring System (EPSS) as defined in The EPSS Model.
Constraints
- The relationship type shall be set to hasAssessmentFor.
- The probability shall be between 0 and 1.
- The percentile shall be between 0 and 1.
Example
```json
{
  "type": "security_EpssVulnAssessmentRelationship",
  "spdxId": "urn:spdx.dev:epss-CVE-2020-28498",
  "relationshipType": "hasAssessmentFor",
  "security_probability": "0.00105",
  "security_percentile": "0.42356",
  "from": "urn:spdx.dev:vuln-cve-2020-28498",
  "to": ["urn:product-acme-application-1.3"],
  "suppliedBy": "urn:spdx.dev:agent-jane-doe",
  "security_publishedTime": "2023-10-05T00:00:30Z"
}
```
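The constraints above can be checked mechanically before a record is trusted for triage. The following validator is an added example, not part of the SPDX specification or its tooling; `validate_epss` and its helper are hypothetical names. It assumes the key spelling, string-encoded decimals and timestamp format of the page's JSON example, and does not check `creationInfo`, which that example omits.

```python
import re
from datetime import datetime
from decimal import Decimal

# xsd:decimal lexical form: optional sign, digits, optional fraction; no exponent, NaN or INF.
XSD_DECIMAL = re.compile(r"[+-]?(\d+(\.\d*)?|\.\d+)")
# Keys as spelled in the page's JSON example (assumption: same serialization).
REQUIRED = ("spdxId", "relationshipType", "from", "to", "security_probability",
            "security_percentile", "security_publishedTime")

def _unit_interval(record, key, errors):
    """Check that record[key] is an xsd:decimal string within [0, 1]."""
    value = record[key]
    if not isinstance(value, str) or not XSD_DECIMAL.fullmatch(value):
        errors.append(f"{key}: not an xsd:decimal string: {value!r}")
    elif not Decimal(0) <= Decimal(value) <= Decimal(1):
        errors.append(f"{key}: {value} is outside [0, 1]")

def validate_epss(record):
    """Return a list of constraint violations; an empty list means the record passes."""
    errors = [f"{key}: missing" for key in REQUIRED if key not in record]
    if "relationshipType" in record and record["relationshipType"] != "hasAssessmentFor":
        errors.append("relationshipType: must be hasAssessmentFor")
    for key in ("security_probability", "security_percentile"):
        if key in record:
            _unit_interval(record, key, errors)
    if "to" in record and (not isinstance(record["to"], list) or not record["to"]):
        errors.append("to: needs at least one element (minCount 1)")
    if "security_publishedTime" in record:
        try:
            datetime.strptime(str(record["security_publishedTime"]), "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            errors.append("security_publishedTime: not a UTC timestamp like 2023-10-05T00:00:30Z")
    return errors

# The page's example record, followed by a constructed variant that breaks each rule.
GOOD = {
    "type": "security_EpssVulnAssessmentRelationship",
    "spdxId": "urn:spdx.dev:epss-CVE-2020-28498", "relationshipType": "hasAssessmentFor",
    "security_probability": "0.00105", "security_percentile": "0.42356",
    "from": "urn:spdx.dev:vuln-cve-2020-28498", "to": ["urn:product-acme-application-1.3"],
    "suppliedBy": "urn:spdx.dev:agent-jane-doe",
    "security_publishedTime": "2023-10-05T00:00:30Z",
}
BAD = {**GOOD, "relationshipType": "affects", "security_probability": "1.5",
       "security_percentile": "4e-1", "to": []}
del BAD["security_publishedTime"]
```

`validate_epss(GOOD)` returns an empty list, while `validate_epss(BAD)` reports five violations, including the exponent-form percentile that a plain numeric parse would have accepted.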
Metadata
https://spdx.org/rdf/3.1/terms/Security/EpssVulnAssessmentRelationship
| Field | Value |
|---|---|
| Name | EpssVulnAssessmentRelationship |
| Instantiability | Concrete |
| SubclassOf | VulnAssessmentRelationship |
Class hierarchy
- /Core/Element
  - /Core/Relationship
    - /Security/VulnAssessmentRelationship
      - /Security/EpssVulnAssessmentRelationship
Properties
| Property | Type | minCount | maxCount |
|---|---|---|---|
| percentile | xsd:decimal | 1 | 1 |
| probability | xsd:decimal | 1 | 1 |
External properties cardinality updates
| Property | minCount | maxCount |
|---|---|---|
| publishedTime from /Security/VulnAssessmentRelationship | 1 | |
All properties
| Property | Type | minCount | maxCount |
|---|---|---|---|
| assessedElement | SoftwareArtifact | 0 | 1 |
| comment | xsd:string | 0 | 1 |
| completeness | RelationshipCompleteness | 0 | 1 |
| creationInfo | CreationInfo | 1 | 1 |
| description | xsd:string | 0 | 1 |
| endTime | DateTime | 0 | 1 |
| extension | Extension | 0 | * |
| externalIdentifier | ExternalIdentifier | 0 | * |
| externalRef | ExternalRef | 0 | * |
| from | Element | 1 | 1 |
| modifiedTime | DateTime | 0 | 1 |
| name | xsd:string | 0 | 1 |
| percentile | xsd:decimal | 1 | 1 |
| probability | xsd:decimal | 1 | 1 |
| publishedTime | DateTime | 1 | 1 |
| relationshipType | RelationshipType | 1 | 1 |
| spdxId | xsd:anyURI | 1 | 1 |
| startTime | DateTime | 0 | 1 |
| summary | xsd:string | 0 | 1 |
| suppliedBy | Agent | 0 | 1 |
| to | Element | 1 | * |
| verifiedUsing | IntegrityMethod | 0 | * |
| withdrawnTime | DateTime | 0 | 1 |