您的组织名称:
北京Moyunsec Technology Co.,Ltd 网站:
www.vackbot.com
兼容功能:
Vackbot 功能主页:
www.vackbot.com/products/vackbot
一般能力问题 产品可访问性
简要说明如何以及在何处将您的能力提供给客户和公众(必需的):
1.在官方网站上https://www.vackbot.com/,如图1所示。
Figure-1 Homepage
2.单击图2中的红色圆圈“申请使用”。
图2工具申请试验
3.输入应用程序信息,然后单击“提交”按钮提交申请,如图3所示。
图-3提交申请信息
4. After receiving the application, we will send the login address, user name, password and user manual to your email.
Mapping Questions Map Currency Indication
描述您的功能指示最新的CWE内容用于创建或更新其映射的方法(必需的):
我们定期更新组件库,其中包含最新的CWE合规性内容。组件库更新以升级软件包的形式提供,Vackbot平台在线或离线获得。
Map Currency Update Approach
Indicate how often you plan on updating the mappings to reflect the current CWE content and describe your approach to keeping reasonably current with the CWE content when mapping them to your repository(受到推崇的):
参考<CR.6.1>。
MAP CURRENCY UPDATE TIME
描述您向客户解释的时间和地点,他们应该期望您能力映射的更新反映新近可用的CWE内容(必需的):
编程研究每年都会发布产品更新,并向客户告知更改,包括更新CWE功能映射。
Documentation Questions CWE和兼容性文档
Provide a copy, or directions to its location, of where your documentation describes CWE and CWE compatibility for your customers(必需的):
VackBot提供组件管理系统。用户可以在系统中搜索CWE信息。
DOCUMENTATION OF FINDING ELEMENTS USING CWE IDENTIFIERS
Provide a copy, or directions to its location, of where your documentation describes the specific details of how your customers can use CWE identifiers to find the individual security elements within your capability’s repository(必需的):
Vackbot产品中呈现的结果使客户能够通过相关的CWE映射通过CWE和/或组问题进行搜索。
使用元素查找CWE标识符的文档
Provide a copy, or directions to its location, of where your documentation describes the process a user would follow to find the CWE identifiers associated with individual security elements within your capability’s repository(必需的):
According to the CWE information displayed by the Vackbot platform in the scenario configuration, the CWE information, including description and solution, can be searched in the component management system.
(1) Log in to Vackbot and click "Scenario Management" to find the list of components. You can see the CWE code and its information.
Figure-4
Figure-5
(2)登录到“组件管理系统”,并根据CWE代码搜索CWE信息。 
Figure-6 (3)Click on the CWE item to see the details. 
Figure-7 DOCUMENTATION INDEXING OF CWE-RELATED MATERIAL
如果您的文档包括索引,请提供您在索引中“ CWE”下列出的项目和资源的副本。或者,提供指示这些“ CWE”项目在您的网站上发布的位置(受到推崇的):
参考<Cr.5.3>。
Type-Specific Capability Questions
Tool Questions 使用CWE标识符查找任务
给出详细的示例和解释用户如何通过寻找关联的CWE标识符来定位工具中的任务(必需的):
参考<Cr.5.3>。
使用报告中的元素查找CWE标识符
Give detailed examples and explanations of how, for reports that identify individual security elements, the tool allows the user to determine the associated CWE identifier for the individual security elements in the report(必需的):
参考<Cr.5.3>。
获取声称的CWE标识符覆盖范围
Give detailed examples and explanations of how a user can obtain a listing of all of the CWE identifiers that the owner claims the tool is effective at locating in software(必需的):
参考<Cr.5.3>。
USING CCR TO PROVIDE CLAIMED CWE IDENTIFIER COVERAGE
对用户如何使用所有CWE标识符找到覆盖范围索赔表示(CCR)XML文档的详细说明(受到推崇的):):
我们尚未提供CCR XML文档。
GETTING A LIST OF CWE IDENTIFIERS ASSOCIATED WITH TASKS
Give detailed examples and explanations of how a user can obtain a listing of all of the CWE identifiers that are associated with the tool’s tasks(受到推崇的):
参考<Cr.5.3>。
使用CWE标识符列表选择任务
描述用户通过提供CWE标识符列表的文件来选择一组任务的步骤和格式(受到推崇的):
Vackbot不提供此类功能。但是,VackBot提供了各种方法来查找CWE标识符的缺陷。因此,执行此类任务并不难。请查看<的答案Cr.5.3>。
使用单个CWE标识符选择任务
描述用户将通过使用单个CWE标识符浏览,选择和取消选择该工具的一组任务的步骤(受到推崇的):
参考<Cr.5.3>。
请求的CWE标识符的非支持通知
Provide a description of how the tool notifies the user that a task associated with a selected CWE Identifier cannot be performed(受到推崇的):
If a user gives an identifier of unsupported CWE, there will be either no data shown or a dialog saying that result does not exist. Vackbot does not provide a list of unsupported CWEs in the UI.
媒体问题 电子文档格式信息
提供有关您提供的不同电子文档格式的详细信息,并描述如何搜索它们与CWE相关的特定文本(必需的):
Our electronic document format is PDF or Excel. So users can easily search for specific CWE-related text by keyword searching. For example, we open the CWE Mapping Relations document, and search "cwe" by pressing "Ctrl + f", as shown in figure 8.
图8
CWE标识符的电子文档列表
If one of the capability’s standard electronic documents only lists security elements by their short names or titles provide example documents that demonstrate how the associated CWE identifiers are listed for each individual security element(必需的):
我们以表格的形式列出了映射关系,并且文档格式为excle。用户可以通过搜索组件序列号或组件关键字来轻松找到相关的CWE ID。
图形用户界面(GUI)问题 FINDING ELEMENTS USING CWE IDENTIFIERS THROUGH THE GUI
给出详细的示例和解释GUI如何为用户提供“查找”或“搜索”功能,以通过寻找其关联的CWE标识符来识别您的功能元素(必需的):
参考<Cr.5.3>。
GUI元素到CWE标识符映射
简要描述如何为单个安全元素列出相关的CWE标识符,或讨论用户如何使用CWE标识符和功能元素之间的映射,还描述了映射的格式(必需的):
参考<Cr.5.3>。
Questions for Signature STATEMENT OF COMPATIBILITY
Have an authorized individual sign and date the following Compatibility Statement(必需的):
“As an authorized representative of my organization I agree that we will abide by all of the mandatory CWE Compatibility Requirements as well as all of the additional mandatory CWE Compatibility Requirements that are appropriate for our specific type of capability."
姓名:Huixin Duan
标题:
准确性
拥有授权的个人标志和日期,以下准确性声明(受到推崇的):
“As an authorized representative of my organization and to the best of my knowledge, there are no errors in the mapping between our capability's Repository and the CWE identifiers our capability reports, and those CWE identifiers are as specific as possible within the available CWE repository."
姓名:Huixin Duan
标题:
STATEMENT ON FALSE-POSITIVES AND FALSE-NEGATIVES and/or
仅对于工具和服务 - 拥有授权的个人标志和日期,以下有关您的工具效率的说明,以识别安全元素(必需的):
“作为我组织的授权代表,据我所知,通常在我们的能力报告特定的安全元素时,通常是正确的,通常是当发生与特定安全元素相关的事件时,我们的能力通常将其报告。“
姓名:Huixin Duan
标题:
|
普遍的弱点
Podcast
Medium
万博下载包新闻档案
