Granular Vulnerability Description Characterization

Provides a rich, intuitive structure to describe a vulnerability

Standardize your vulnerability descriptions.

The Vulntology supports the expression of characterization details about:

  • How can a vulnerability be exploited?
  • What will the impact of that exploit be?
  • What mitigating factors can make exploitation difficult?

These details are provided in the context of a given attack scenario, which may differ in characteristics from other scenarios for the same vulnerability.

The Vulntology is not intended to be a general-purpose format for describing vulnerability information. Instead, it is intended to be a drop-in replacement for a vulnerability description. The Vulntology project will avoid duplicating work in other formats to the greatest extent possible. Due to the relational approach used, the Vulntology may provide some overlapping details, such as affected product information, as a means to define a given scenario.

Goals

  • To standardize the description of vulnerabilities through structured characterization formatting.
  • To enable automated scoring agnostic of any particular system.
  • To improve the level of detail in provided information for the purpose of assisting with defense while minimizing increased risk from attacks.
  • To assist in establishing a baseline of the minimum information needed to properly inform downstream vulnerability management processes.
  • To allow for easier vulnerability information sharing across language barriers.

This page was last updated on October 19, 2023.