Adhering to our aim for AVID resources to be expandable and adaptable to practitioner needs, we have adapted the MISP Taxonomy System to standardize and share the two views of our taxonomy. MISP taxonomies are used to tags cybersecurity events, indicators, and threats using three components:
namespaceis an unique identifier of the taxonomy being used
predicateis a high-level category
valueis a low-level subcategory under a predicate.
Each MISP taxonomy is specified using a single JSON file that contains the namespace, a list of predicates, lists of values under each predicate, and auxiliary metadata. Below is a sample schema:
This specification can be used to tag any relevant threat information as
namespace:predicate:value. As long as a taxonomy is specified using the above structure, tags can be generated in the above structure, providing the user with the flexibility of using multiple taxonomies, some of which may be specific to their own application context.
The MISP tags for this vulnerability will be the following:
Using the MISP format allows us to seamlessly integrate arbitrary taxonomies into the AVID database and related workflows. This is crucial for driving practitioner adoption, since AI developers and vendors often work off of operational taxonomies specific to the context of their domain of application. Examples of such deep taxonomies/categorizations include MITRE ATLAS, taxonomies for downstream harms and LLM risks, and Risk Cards. As a specific example of a non-AVID taxonomy in the MISP format, see the specifications for the Operational Design Domain taxonomy.
We welcome the AI community to contribute to our repository of taxonomies, which you can find here. Doing so is easy: just create a JSON file for your taxonomy in the above schema and submit a Pull Request!