Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Web3 vulnerabilities classification #14

Closed
kajaaz opened this issue Jul 10, 2024 · 5 comments
Closed

Web3 vulnerabilities classification #14

kajaaz opened this issue Jul 10, 2024 · 5 comments
Labels
enhancement New feature or request help wanted Extra attention is needed question Further information is requested

Comments

@kajaaz
Copy link

kajaaz commented Jul 10, 2024

Hey,

I just wondered if you already have think about a model for web3 vulnerabilities classification to collect them in a database like the MITRE's one ?

Thanks
@kajaaz
Copy link
Author

kajaaz commented Jul 10, 2024

Currently, I am only aware of the EEA EthTrust : https://entethalliance.github.io/eta-registry/security-levels-spec.html

@pcaversaccio
Copy link
Collaborator

I think they did a decent job: https://dl.acm.org/doi/fullHtml/10.1145/3391195#sec-9

image

@kajaaz
Copy link
Author

kajaaz commented Jul 10, 2024

@pcaversaccio Yes I was aware of that work but it is from 2020, so the vulnerabilities types are a bit old. I was more looking for a vulnerabilities classification scheme like the CVE (e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-40014). Would it be relevant to create a scheme specific to web3 vulnerabilities or should we follow the NIST one ?

@pcaversaccio
Copy link
Collaborator

@pcaversaccio Yes I was aware of that work but it is from 2020, so the vulnerabilities types are a bit old. I was more looking for a vulnerabilities classification scheme like the CVE (e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-40014). Would it be relevant to create a scheme specific to web3 vulnerabilities or should we follow the NIST one ?

I don't have the perfect answer here yet tbh. Will think about it and ask other SEAL members.

@pcaversaccio pcaversaccio added help wanted Extra attention is needed enhancement New feature or request question Further information is requested labels Aug 28, 2024
@pcaversaccio
Copy link
Collaborator

@kajaaz we're moving the discussion to this new issue here: security-alliance/frameworks#69. Thus, I will close the issue here.

@pcaversaccio pcaversaccio mentioned this issue Sep 27, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pcaversaccio @kajaaz