Spike: Investigate storing CWE top 25 labels to vulnerabilities metadata
Summary
To support Vulnerability groping by OWASP top 10 and CWE top 25, we would require the standard convention tagging of the vulnerability to be present. Currently we do not have these details in the backend.
Note that we should also consider and investigate if there is a scenario that a vulnerability will be part of multiple conventions like CWE, OWASP, CVE
Related Issues
Goal
At the end of this Spike investigation we should have an implementation plan on how to store CWE top 25, OWASP top 10 labels along with the vulnerabilities metadata.
Edited by Bala Kumar