Enhancement: Threat description attribute

[sdog-nist]

General Comment

Threat ID:

Type of Comment:
Enter the letter that best describes the nature of your comment

• G - General comments on how information has been presented (e.g. format, organization, phrasing, diction, or terminology)

Proposed Change:
Add ThreatDescription attribute to threats, which can include more detailed technical information about the nature of the threat. This is particularly important if no additional resources (e.g., exploit examples, CVE) have been provided to help a reader understand a given threat.

Justification:
Threat titles may not be descriptive enough to convey to readers the actual nature of the threat. Inclusion of more detailed technical information in a description attribute also allows titles to be shorter and easier to view in the list of threats per category.

[boos]

I think I would like to add on top of this is that the articles used as a reference to understand the threat is usually a generic article from a generic/specialized online newspaper.

I would rather have the direct link to the research paper/presentation and not to a generic not specialized article. That is not valid for all threats but for some, a link to a general article is provided instead of for as an example the Blackhat presentation.