STOAT: Automated Scoring Tool for Software Weaknesses
Scoring Threat Object Analysis Tool (STOAT)
Technology No. CW-22-03
The Scoring Threat Object Analysis Tool is a web application that automates the initial scoring of software weaknesses based on the STIX 2.1 format. Customers can then edit the score to reflect their specific environment; the final output is in STIX 2.1 format. The tool addresses the challenges of scoring software, which can be time-consuming and require expertise. It aims to automate part of the process and standardize the output, making scoring more efficient and more accessible to non-experts. The project grew out of an effort to update INL's open-source application, EMV, by making it web-based and focused on scoring software weaknesses. The hope is that this project will result in more open-source STIX output that the group and others can analyze.
GitHub repository: https://github.com/cisagov/STOAT