Rename description attribute to definition

Makefile

@@ -55,7 +55,7 @@ down:
 regenerate_json:
 	@echo "Regenerating JSON files..."
 	rm -rf data/json/decision_points
-	export PYTHONPATH=$(PWD)/src && ./src/ssvc/doctools.py --jsondir=./data/json/decision_points --overwrite
+	export PYTHONPATH=$(PWD)/src && ./src/ssvc/doctools.py --jsondir=./data/json --overwrite
 
 clean:
 	@echo "Cleaning up Docker resources..."

data/json/decision_points/basic/do_schedule_delegate_delete_1_0_0.json

@@ -3,28 +3,28 @@
   "key": "IKE",
   "version": "1.0.0",
   "name": "Do, Schedule, Delegate, Delete",
-  "description": "The Eisenhower outcome group.",
+  "definition": "The Eisenhower outcome group.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "D",
       "name": "Delete",
-      "description": "Delete"
+      "definition": "Delete"
     },
     {
       "key": "G",
       "name": "Delegate",
-      "description": "Delegate"
+      "definition": "Delegate"
     },
     {
       "key": "S",
       "name": "Schedule",
-      "description": "Schedule"
+      "definition": "Schedule"
     },
     {
       "key": "O",
       "name": "Do",
-      "description": "Do"
+      "definition": "Do"
     }
   ]
 }

data/json/decision_points/basic/lowmediumhigh_1_0_0.json

@@ -3,23 +3,23 @@
   "key": "LMH",
   "version": "1.0.0",
   "name": "LowMediumHigh",
-  "description": "A Low/Medium/High decision point / outcome group.",
+  "definition": "A Low/Medium/High decision point / outcome group.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "L",
       "name": "Low",
-      "description": "Low"
+      "definition": "Low"
     },
     {
       "key": "M",
       "name": "Medium",
-      "description": "Medium"
+      "definition": "Medium"
     },
     {
       "key": "H",
       "name": "High",
-      "description": "High"
+      "definition": "High"
     }
   ]
 }

data/json/decision_points/basic/moscow_1_0_0.json

@@ -3,28 +3,28 @@
   "key": "MSCW",
   "version": "1.0.0",
   "name": "MoSCoW",
-  "description": "The MoSCoW (Must, Should, Could, Won't) outcome group.",
+  "definition": "The MoSCoW (Must, Should, Could, Won't) outcome group.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "W",
       "name": "Won't",
-      "description": "Won't"
+      "definition": "Won't"
     },
     {
       "key": "C",
       "name": "Could",
-      "description": "Could"
+      "definition": "Could"
     },
     {
       "key": "S",
       "name": "Should",
-      "description": "Should"
+      "definition": "Should"
     },
     {
       "key": "M",
       "name": "Must",
-      "description": "Must"
+      "definition": "Must"
     }
   ]
 }

data/json/decision_points/basic/value_complexity_1_0_0.json

@@ -3,28 +3,28 @@
   "key": "VALUE_COMPLEXITY",
   "version": "1.0.0",
   "name": "Value, Complexity",
-  "description": "The Value/Complexity outcome group.",
+  "definition": "The Value/Complexity outcome group.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "D",
       "name": "Drop",
-      "description": "Drop"
+      "definition": "Drop"
     },
     {
       "key": "R",
       "name": "Reconsider Later",
-      "description": "Reconsider Later"
+      "definition": "Reconsider Later"
     },
     {
       "key": "E",
       "name": "Easy Win",
-      "description": "Easy Win"
+      "definition": "Easy Win"
     },
     {
       "key": "F",
       "name": "Do First",
-      "description": "Do First"
+      "definition": "Do First"
     }
   ]
 }

data/json/decision_points/basic/yesno_1_0_0.json

@@ -3,18 +3,18 @@
   "key": "YN",
   "version": "1.0.0",
   "name": "YesNo",
-  "description": "A Yes/No decision point / outcome group.",
+  "definition": "A Yes/No decision point / outcome group.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "N",
       "name": "No",
-      "description": "No"
+      "definition": "No"
     },
     {
       "key": "Y",
       "name": "Yes",
-      "description": "Yes"
+      "definition": "Yes"
     }
   ]
 }

data/json/decision_points/cisa/cisa_levels_1_1_0.json

@@ -3,28 +3,28 @@
   "key": "CISA",
   "version": "1.1.0",
   "name": "CISA Levels",
-  "description": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.",
+  "definition": "The CISA outcome group. CISA uses its own SSVC decision tree model to prioritize relevant vulnerabilities into four possible decisions: Track, Track*, Attend, and Act.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "T",
       "name": "Track",
-      "description": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."
+      "definition": "The vulnerability does not require action at this time. The organization would continue to track the vulnerability and reassess it if new information becomes available. CISA recommends remediating Track vulnerabilities within standard update timelines."
     },
     {
       "key": "T*",
       "name": "Track*",
-      "description": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines."
+      "definition": "The vulnerability contains specific characteristics that may require closer monitoring for changes. CISA recommends remediating Track* vulnerabilities within standard update timelines."
     },
     {
       "key": "AT",
       "name": "Attend",
-      "description": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."
+      "definition": "The vulnerability requires attention from the organization's internal, supervisory-level individuals. Necessary actions may include requesting assistance or information about the vulnerability and may involve publishing a notification, either internally and/or externally, about the vulnerability. CISA recommends remediating Attend vulnerabilities sooner than standard update timelines."
     },
     {
       "key": "AC",
       "name": "Act",
-      "description": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."
+      "definition": "The vulnerability requires attention from the organization's internal, supervisory-level and leadership-level individuals. Necessary actions include requesting assistance or information about the vulnerability, as well as publishing a notification either internally and/or externally. Typically, internal groups would meet to determine the overall response and then execute agreed upon actions. CISA recommends remediating Act vulnerabilities as soon as possible."
     }
   ]
 }

data/json/decision_points/cisa/in_kev_1_0_0.json

@@ -3,18 +3,18 @@
   "key": "KEV",
   "version": "1.0.0",
   "name": "In KEV",
-  "description": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.",
+  "definition": "Denotes whether a vulnerability is in the CISA Known Exploited Vulnerabilities (KEV) list.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "N",
       "name": "No",
-      "description": "Vulnerability is not listed in KEV."
+      "definition": "Vulnerability is not listed in KEV."
     },
     {
       "key": "Y",
       "name": "Yes",
-      "description": "Vulnerability is listed in KEV."
+      "definition": "Vulnerability is listed in KEV."
     }
   ]
 }

data/json/decision_points/cisa/mission_prevalence_1_0_0.json

@@ -3,23 +3,23 @@
   "key": "MP",
   "version": "1.0.0",
   "name": "Mission Prevalence",
-  "description": "Prevalence of the mission essential functions",
+  "definition": "Prevalence of the mission essential functions",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "M",
       "name": "Minimal",
-      "description": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions."
+      "definition": "Neither Support nor Essential apply. The vulnerable component may be used within the entities, but it is not used as a mission-essential component, nor does it provide impactful support to mission-essential functions."
     },
     {
       "key": "S",
       "name": "Support",
-      "description": "The vulnerable component only supports MEFs for two or more entities."
+      "definition": "The vulnerable component only supports MEFs for two or more entities."
     },
     {
       "key": "E",
       "name": "Essential",
-      "description": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure."
+      "definition": "The vulnerable component directly provides capabilities that constitute at least one MEF for at least one entity; component failure may (but does not necessarily) lead to overall mission failure."
     }
   ]
 }

data/json/decision_points/cvss/access_complexity_1_0_0.json

@@ -3,18 +3,18 @@
   "key": "AC",
   "version": "1.0.0",
   "name": "Access Complexity",
-  "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.",
+  "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "H",
       "name": "High",
-      "description": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)"
+      "definition": "Specialized access conditions exist; for example: the system is exploitable during specific windows of time (a race condition), the system is exploitable under specific circumstances (nondefault configurations), or the system is exploitable with victim interaction (vulnerability exploitable only if user opens e-mail)"
     },
     {
       "key": "L",
       "name": "Low",
-      "description": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable."
+      "definition": "Specialized access conditions or extenuating circumstances do not exist; the system is always exploitable."
     }
   ]
 }

data/json/decision_points/cvss/access_complexity_2_0_0.json

@@ -3,23 +3,23 @@
   "key": "AC",
   "version": "2.0.0",
   "name": "Access Complexity",
-  "description": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.",
+  "definition": "This metric measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "H",
       "name": "High",
-      "description": "Specialized access conditions exist."
+      "definition": "Specialized access conditions exist."
     },
     {
       "key": "M",
       "name": "Medium",
-      "description": "The access conditions are somewhat specialized."
+      "definition": "The access conditions are somewhat specialized."
     },
     {
       "key": "L",
       "name": "Low",
-      "description": "Specialized access conditions or extenuating circumstances do not exist."
+      "definition": "Specialized access conditions or extenuating circumstances do not exist."
     }
   ]
 }

data/json/decision_points/cvss/access_vector_1_0_0.json

@@ -3,18 +3,18 @@
   "key": "AV",
   "version": "1.0.0",
   "name": "Access Vector",
-  "description": "This metric measures whether or not the vulnerability is exploitable locally or remotely.",
+  "definition": "This metric measures whether or not the vulnerability is exploitable locally or remotely.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "L",
       "name": "Local",
-      "description": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)"
+      "definition": "The vulnerability is only exploitable locally (i.e., it requires physical access or authenticated login to the target system)"
     },
     {
       "key": "R",
       "name": "Remote",
-      "description": "The vulnerability is exploitable remotely."
+      "definition": "The vulnerability is exploitable remotely."
     }
   ]
 }

data/json/decision_points/cvss/access_vector_2_0_0.json

@@ -3,23 +3,23 @@
   "key": "AV",
   "version": "2.0.0",
   "name": "Access Vector",
-  "description": "This metric reflects the context by which vulnerability exploitation is possible.",
+  "definition": "This metric reflects the context by which vulnerability exploitation is possible.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "L",
       "name": "Local",
-      "description": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account."
+      "definition": "A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account."
     },
     {
       "key": "A",
       "name": "Adjacent Network",
-      "description": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software."
+      "definition": "A vulnerability exploitable with adjacent network access requires the attacker to have access to either the broadcast or collision domain of the vulnerable software."
     },
     {
       "key": "N",
       "name": "Network",
-      "description": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'."
+      "definition": "A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed 'remotely exploitable'."
     }
   ]
 }

data/json/decision_points/cvss/attack_complexity_3_0_0.json

@@ -3,18 +3,18 @@
   "key": "AC",
   "version": "3.0.0",
   "name": "Attack Complexity",
-  "description": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.",
+  "definition": "This metric describes the conditions beyond the attacker's control that must exist in order to exploit the vulnerability.",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "H",
       "name": "High",
-      "description": "A successful attack depends on conditions beyond the attacker's control."
+      "definition": "A successful attack depends on conditions beyond the attacker's control."
     },
     {
       "key": "L",
       "name": "Low",
-      "description": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component."
+      "definition": "Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success against the vulnerable component."
     }
   ]
 }

data/json/decision_points/cvss/attack_complexity_3_0_1.json

@@ -3,18 +3,18 @@
   "key": "AC",
   "version": "3.0.1",
   "name": "Attack Complexity",
-  "description": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ",
+  "definition": "This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. ",
   "schemaVersion": "2.0.0",
   "values": [
     {
       "key": "H",
       "name": "High",
-      "description": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place."
+      "definition": "The successful attack depends on the evasion or circumvention of security-enhancing techniques in place that would otherwise hinder the attack. These include: Evasion of exploit mitigation techniques. The attacker must have additional methods available to bypass security measures in place."
     },
     {
       "key": "L",
       "name": "Low",
-      "description": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. "
+      "definition": "The attacker must take no measurable action to exploit the vulnerability. The attack requires no target-specific circumvention to exploit the vulnerability. An attacker can expect repeatable success against the vulnerable system. "
     }
   ]
 }