Description
Please note that, as of version 1.6.1 (which is backward compatible with the prior version 1.6 currently implemented in cloudvulndb), a new (and final) question has been added to the questionnaire: question A9.
This new question appears necessary following the disclosure of the Azure Entra ID Actor Token vulnerability.
To ensure backward compatibility, the default value of A9 is 1.
A9 can take 3 possible values: 1, 1.05 or 1.1.
A9 captures the level of detectability of the vulnerability by Cloud provider audit log capabilities:
Value 1 means the vuln is detectable: all potentially impacted customers can be identified by the cloud provider.
Value 1.05 means partial detection.
Value 1.1 means that some critical audit logs are missing.
Note: with the introduction of A9, the Piercing Index can finally reach its highest possible score: 10
Full details here (if necessary):
https://github.com/piercing-index/cloud-vulnerabilities/blob/main/Specifications.md