Security Vulnerability Expressions: A Technology for Empowering Novice Practitioners Around the World with Security Maturity Capabilities

Abstract

The evolution of security over several decades by advanced countries has generated vast amounts of valuable security knowledge (“Knowledge”) contained in standards, regulations and guidance (“Frameworks”) published in the form of documents and spreadsheets. Knowledge captured in this form is very difficult to consume and adapt, especially by novice practitioners. If this barrier could be removed, it would release its enormous locked-in value to the rest of the world who desperately need it. A model and enabling software application (“Technology”) is proposed for novice practitioners to quickly ingest existing, readily available knowledge contained in frameworks; thereby enabling easy access, search, visualization, navigation, and consumption of the frameworks and their maps. This technology will be made available as open source to the world.