diff --git a/csv/Threat.csv b/csv/Threat.csv
index 2656805..98b0602 100644
--- a/csv/Threat.csv
+++ b/csv/Threat.csv
@@ -13,7 +13,7 @@ package#Application,domain#P.E.HIP-Hu.9,P.E.HIP-Hu.9,domain#Category-Anomalies,F
 package#Application,domain#P.E.HuirIPp-xD.9,P.E.HuirIPp-xD.9,domain#Category-Anomalies,FALSE,FALSE,,FALSE,FALSE,"User _Human_ of interactive process _InteractiveProcess_ has no interaction with data _Data_ used by _InteractiveProcess_: process _InteractiveProcess_ is specialised to support user interaction with data, and cannot process data without inolving the user. The domain model infers the user interaction where possible, but in this case there is some ambiguity so you must specify whether  _Human_  enters, views or amends _Data_. If _Human_ really does not interact with _Data_ then either delete the relationship of _InteractiveProcess_ to _Data_, or change the type of _InteractiveProcess_ to a less specialised type of process.",domain#MP-HuirIPp-xD,domain#Role_InteractiveProcess
 package#Application,domain#P.E.HuirPsD.9,P.E.HuirPsD.9,domain#Category-Anomalies,FALSE,FALSE,,FALSE,FALSE,"Data _Data_ is both served by interactive process _Process_ used by _Human_: this is not supported by the domain model as it leads to ambiguous dependencies. Please replace _Process_ by two distinct processes, one used by _Human_ and the other that serves _Data_, then specify which uses the other (usually the interactive process would use the data service, but this cannot be inferred automatically since it may not always be the case).",domain#MP-HuirPsD,domain#Role_Process
 package#Application,domain#P.E.PpD+noDU.9,P.E.PpD+noDU.9,domain#Category-Anomalies,FALSE,FALSE,,FALSE,FALSE,"Process _Process_ should not process data _Data_: process _Process_ is in one of the restricted classes that may not process data, i.e. an authentication client or service, a specialised reverse proxy service or a remote access client or service. If the relationship between _Process_ and _Data_ is not an error, then the type of _Process_ should be changed to a less restricted class.",domain#MP-PpD+noDU,domain#Role_Process
-package#CloudManagement,domain#DF.A.PDF.6.2,DF.A.PDF.6.2,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Loss of availability from suspending the flow of unauthentic data _Data_ from _FlowsFrom_ to _Process_: if a contingency plan is used in which the flow of _Data_ between _FlowsFrom_ to _Process_ is disabled if the data was subject to malicious tampering, then the flow of data _Data_ from _FlowsFrom_ to _Process_ will become unavailable.",domain#MP-PDF,domain#Role_DataFlow
+package#CloudManagement,domain#DF.A.PDF.6.2,DF.A.PDF.6.2,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Loss of availability from suspending the flow of unauthentic data _Data_ from _FlowsFrom_ to _Process_: if a contingency plan is used in which the flow of _Data_ between _FlowsFrom_ to _Process_ is disabled if the data was subject to malicious tampering, then the flow of data _Data_ from _FlowsFrom_ to _Process_ will become unavailable.",domain#MP-PDF,domain#Role_DataFlow
 package#CloudManagement,domain#H.A.CVHHDC.0,H.A.CVHHDC.0,domain#Category-SecondaryThreats,TRUE,FALSE,domain#LikelihoodLow,TRUE,TRUE,"SLA constrained virtual host _Host_ becomes unavailable: if clusterable virtual host _Host_ running in data centre _DataCentre_ becomes overloaded, and it is limited by an SLA from scaling up its use of resources at _DataCentre_, then it may become unavailable.",domain#MP-CVHHDC,domain#Role_Host
 package#CloudManagement,domain#H.E.CtDS.9,H.E.CtDS.9,domain#Category-Anomalies,FALSE,FALSE,,FALSE,FALSE,"Data _Data_ cannot be stored persistently in Container _Container_: host _Container_ is a Container, which cannot retain persistent state internally.",domain#MP-CtDS,domain#Role_Container
 package#CloudManagement,domain#H.E.CtH-iP.9,H.E.CtH-iP.9,domain#Category-Anomalies,FALSE,FALSE,,FALSE,FALSE,"Container _Container_ cannot be provisioned on host _Host_: a Container can only be provisioned by a Pod, which _Host_ is not.",domain#MP-CtH-iP,domain#Role_Container
@@ -43,8 +43,8 @@ package#DataLifecycle,domain#DF.A.HPDSDADF.0,DF.A.HPDSDADF.0,domain#Category-Sec
 package#DataLifecycle,domain#DF.A.HPDSDADF.6.1,DF.A.HPDSDADF.6.1,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Service _Process_ cannot decrypt data _Data_ for transmission to _FlowsTo_: the stored copy of _Data_ on _Host_ is encrypted, but _FlowsTo_ expects an unencrypted version, and _Process_ has no means to decrypt the data before sending it.",domain#MP-HPDSDADF,domain#Role_DataFlow
 package#DataLifecycle,domain#DF.A.HPDSDADF.6.2,DF.A.HPDSDADF.6.2,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Service _Process_ cannot send unencrypted data _Data_ to _FlowsTo_: because the stored copy of _Data_ on _Host_ is not encrypted, and _FlowsTo_ expects an encrypted version, it is not possible for _Process_ to send it without a key.",domain#MP-HPDSDADF,domain#Role_DataFlow
 package#DataLifecycle,domain#DF.A.PDF.6.1,DF.A.PDF.6.1,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Loss of availability in the disabled flow of data _Data_ from _FlowsFrom_ to _Process_: the flow of _Data_ between _FlowsFrom_ to _Process_ has been disabled to maintain security or prevent a breach of regulations, but as a result the data flow is now unavailable.",domain#MP-PDF,domain#Role_DataFlow
-package#DataLifecycle,domain#DF.A.PDF.6.3,DF.A.PDF.6.3,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Loss of availability from suspending the flow of corrupt data _Data_ from _FlowsFrom_ to _Process_: if a contingency plan is used in which the flow of _Data_ between _FlowsFrom_ to _Process_ is disabled if the data is corrupt, then the flow of data _Data_ from _FlowsFrom_ to _Process_ will become unavailable.",domain#MP-PDF,domain#Role_DataFlow
-package#DataLifecycle,domain#DF.A.PDF.6.4,DF.A.PDF.6.4,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Loss of availability from suspending the flow of infected data _Data_ from _FlowsFrom_ to _Process_: if a contingency plan is used in which the flow of _Data_ between _FlowsFrom_ to _Process_ is disabled if the data becomes infected with malware, then the flow of data _Data_ from _FlowsFrom_ to _Process_ will become unavailable.",domain#MP-PDF,domain#Role_DataFlow
+package#DataLifecycle,domain#DF.A.PDF.6.3,DF.A.PDF.6.3,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Loss of availability from suspending the flow of corrupt data _Data_ from _FlowsFrom_ to _Process_: if a contingency plan is used in which the flow of _Data_ between _FlowsFrom_ to _Process_ is disabled if the data is corrupt, then the flow of data _Data_ from _FlowsFrom_ to _Process_ will become unavailable.",domain#MP-PDF,domain#Role_DataFlow
+package#DataLifecycle,domain#DF.A.PDF.6.4,DF.A.PDF.6.4,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Loss of availability from suspending the flow of infected data _Data_ from _FlowsFrom_ to _Process_: if a contingency plan is used in which the flow of _Data_ between _FlowsFrom_ to _Process_ is disabled if the data becomes infected with malware, then the flow of data _Data_ from _FlowsFrom_ to _Process_ will become unavailable.",domain#MP-PDF,domain#Role_DataFlow
 package#DataLifecycle,domain#DF.A.PmDFIDADFI.0,DF.A.PmDFIDADFI.0,domain#Category-SecondaryThreats,TRUE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Data _Data_ cannot be forwarded by _Process_ to _FlowsTo_ because the incoming data flow is not available: if the flow of data _Data_ to _Process_ is unavailable, the flow of the same data from _Process_ to _FlowsTo_ will also be unavailable.",domain#MP-PmDFIDADFI,domain#Role_DataFlow
 package#DataLifecycle,domain#DF.A.PmDFIDADFI.6.1,DF.A.PmDFIDADFI.6.1,domain#Category-SecondaryThreats,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Encrypted data _Data_ cannot be forwarded by _Process_ to _FlowsTo_: if the flow of data _Data_ to _Process_ is encrypted, it cannot be forwarded to _FlowsTo_ which expects it to be unencrypted.",domain#MP-PmDFIDADFI,domain#Role_DataFlow
 package#DataLifecycle,domain#DF.A.PmDFIDADFI.6.2,DF.A.PmDFIDADFI.6.2,domain#Category-SecondaryThreats,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Unencrypted data _Data_ cannot be forwarded by _Process_ to _FlowsTo_: if the flow of data _Data_ to _Process_ is not encrypted, it cannot be forwarded to _FlowsTo_ which expects it to be encrypted.",domain#MP-PmDFIDADFI,domain#Role_DataFlow
@@ -381,12 +381,12 @@ package#ProcessComms,domain#CC.AX.CCC-nS.6.1.1,CC.AX.CCC-nS.6.1.1,domain#Categor
 package#ProcessComms,domain#CC.AX.CCC-nS.6.1.3,CC.AX.CCC-nS.6.1.3,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Client _Client_ unable to use 2-factor authentication to access service _Service_: if service _Service_ requires clients to authenticate using a second factor (e.g. a one time key or out of band key exchange), but this is not available to _Client_ then access will be impossible.",domain#MP-CCC-nS,domain#Role_ClientChannel
 package#ProcessComms,domain#CC.AX.CCCS.1.3,CC.AX.CCCS.1.3,domain#Category-ExploitationOfPrivileges,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,Compromised service _Service_ prevents access by _Client_: if service _Service_ is compromised then the attacker can prevent _Client_ from authenticating with the service.,domain#MP-CCCS,domain#Role_ClientChannel
 package#ProcessComms,domain#CC.AX.CCCS.6.1,CC.AX.CCCS.6.1,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Disabled access by client _Client_ to _Service_: access by client _Client_ to service _Service_ has been disabled to prevent communication threats. However, this also causes a loss of accessibility of the service from that client.",domain#MP-CCCS,domain#Role_ClientChannel
-package#ProcessComms,domain#CC.AX.CCCS.6.2,CC.AX.CCCS.6.2,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Disabling access by impersonated client _Client_ to _Service_ affects availability: access by client _Client_ to service _Service_ may be disabled to prevent access by an impersonated client, but this affects the availability of client-service connections.",domain#MP-CCCS,domain#Role_ClientChannel
-package#ProcessComms,domain#CC.AX.CCCS.6.3,CC.AX.CCCS.6.3,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Disabling access by untrustworthy client _Client_ to _Service_ affects availability: access by client _Client_ to service _Service_ may be disabled to prevent access by a malicious or compromised client, but this affects the availability of client-service connections.",domain#MP-CCCS,domain#Role_ClientChannel
+package#ProcessComms,domain#CC.AX.CCCS.6.2,CC.AX.CCCS.6.2,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Disabling access by impersonated client _Client_ to _Service_ affects availability: access by client _Client_ to service _Service_ may be disabled to prevent access by an impersonated client, but this affects the availability of client-service connections.",domain#MP-CCCS,domain#Role_ClientChannel
+package#ProcessComms,domain#CC.AX.CCCS.6.3,CC.AX.CCCS.6.3,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Disabling access by untrustworthy client _Client_ to _Service_ affects availability: access by client _Client_ to service _Service_ may be disabled to prevent access by a malicious or compromised client, but this affects the availability of client-service connections.",domain#MP-CCCS,domain#Role_ClientChannel
 package#ProcessComms,domain#CC.AX.CCCSScS.0,CC.AX.CCCSScS.0,domain#Category-SecondaryThreats,TRUE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Client _Client_ unable to authenticate with _Service_ to access service _Process_: the service _Process_ requires that clients authenticate with a separate service _Service_, which the client _Client_ is unable to do.",domain#MP-CCCSScS,domain#Role_AuthChannel
 package#ProcessComms,domain#CC.AX.CCCvCCS.0,CC.AX.CCCvCCS.0,domain#Category-SecondaryThreats,TRUE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Access by _Client_ to _Service_ blocked between _ProxyClient_ and _Proxy_: if _Client_ is accessing _Service_ via a proxy, then a comms failure to or from the proxy also causes an end-to-end comms failure between _Client_  and _Service_.",domain#MP-CCCvCCS,domain#Role_ClientChannel
-package#ProcessComms,domain#CC.AX.CCDFSFS.6.4,CC.AX.CCDFSFS.6.4,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Disabling excessive access by client _Client_ to _Service_ affects availability: access by client _Client_ to service _Service_ may be disabled to prevent excessive amounts of data being requested from the service, but this affects the availability of client-service connections.",domain#MP-CCDFSFS,domain#Role_ClientChannel
-package#ProcessComms,domain#CC.AX.CCDFSTS.6.4,CC.AX.CCDFSTS.6.4,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Disabling excessive access by client _Client_ to _Service_ affects availability: access by client _Client_ to service _Service_ may be disabled to prevent excessive amounts of data being sent to the service, but this affects the availability of client-service connections.",domain#MP-CCDFSTS,domain#Role_ClientChannel
+package#ProcessComms,domain#CC.AX.CCDFSFS.6.4,CC.AX.CCDFSFS.6.4,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Disabling excessive access by client _Client_ to _Service_ affects availability: access by client _Client_ to service _Service_ may be disabled to prevent excessive amounts of data being requested from the service, but this affects the availability of client-service connections.",domain#MP-CCDFSFS,domain#Role_ClientChannel
+package#ProcessComms,domain#CC.AX.CCDFSTS.6.4,CC.AX.CCDFSTS.6.4,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Disabling excessive access by client _Client_ to _Service_ affects availability: access by client _Client_ to service _Service_ may be disabled to prevent excessive amounts of data being sent to the service, but this affects the availability of client-service connections.",domain#MP-CCDFSTS,domain#Role_ClientChannel
 package#ProcessComms,domain#CC.AX.HuCCC-nS.6.1.2,CC.AX.HuCCC-nS.6.1.2,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodMedium,TRUE,TRUE,"User _Human_ of client _Client_ forgot the password to authenticate with _Service_: the service _Service_ requires that clients authenticate using a strong password, but the user _Human_ cannot remember the password.",domain#MP-HuCCC-nS,domain#Role_ClientChannel
 package#ProcessComms,domain#CC.AX.HuCCC-nS.6.1.7,CC.AX.HuCCC-nS.6.1.7,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodMedium,TRUE,TRUE,"Continuous authN false negative at _Client_ prevents access to _Service_: the service _Service_ requires that clients use continuous authentication to verify the identity of the user _Human_, and this is in place but produces a false negative result.",domain#MP-HuCCC-nS,domain#Role_ClientChannel
 package#ProcessComms,domain#CC.C.CCCSCSoCC.3,CC.C.CCCSCSoCC.3,domain#Category-SnoopingAttacks,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Communications intercepted between _Client_ and _Service_: if a network communication path used by _Client_ and _Service_ is subject to snooping, then communications between _Client_ and _Service_ can be intercepted.",domain#MP-CCCSCSoCC,domain#Role_ClientChannel
@@ -402,10 +402,10 @@ package#ProcessComms,domain#CC.R.HuoStCCCS.1,CC.R.HuoStCCCS.1,domain#Category-Ex
 package#ProcessComms,domain#CC.R.HuStCCCS.1,CC.R.HuStCCCS.1,domain#Category-ExploitationOfPrivileges,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,Malicious action by employee of _Employer_ using _Client_ to access _Service_: user _Human_ of client process _Client_ may be persuaded by their employer _Employer_ to abuse the right of _Client_ to access service _Service_.,domain#MP-HuStCCCS,domain#Role_ClientChannel
 package#ProcessComms,domain#CC.R.OCAPNoS.3,CC.R.OCAPNoS.3,domain#Category-ExploitationOfImposterPrivileges,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,Imposter posing as _Client_ gains access to service _Service_ from _LogicalSubnet_: an attacker with access to subnet _LogicalSubnet_ who can impersonate legitimate client _Client_ or otherwise evade authentication can exploit a privileged network path from _Client_ to _Service_ and access service _Service_ as _Client_.,domain#MP-OCAPNoS,domain#Role_ClientChannel
 package#ProcessComms,domain#CP.IS.SCmCP.8,CP.IS.SCmCP.8,domain#Category-NormalOperation,FALSE,TRUE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Client path(s) from _Client_ to _Service_ is in service: if there is an open channel from client _Client_ to service _Service_, then the service may be subject to authenticated attacks from logical subnets exploiting the open channel.",domain#MP-SCmCP,domain#Role_ClientPath
-package#ProcessComms,domain#DF.A.CCDFCS.6.3,DF.A.CCDFCS.6.3,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Flow of data _Data_ from _FlowsFrom_ to _FlowsTo_ via untrustworthy _Service_ disabled: if the system operates a policy to disable the flow of data _Data_ from _FlowsFrom_ if there is a perceived loss of trustworthiness in a recipient _Service_, then there will also be a loss of availability if _Service_ is untrustworthy.",domain#MP-CCDFCS,domain#Role_DataFlow
+package#ProcessComms,domain#DF.A.CCDFCS.6.3,DF.A.CCDFCS.6.3,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Flow of data _Data_ from _FlowsFrom_ to _FlowsTo_ via untrustworthy _Service_ disabled: if the system operates a policy to disable the flow of data _Data_ from _FlowsFrom_ if there is a perceived loss of trustworthiness in a recipient _Service_, then there will also be a loss of availability if _Service_ is untrustworthy.",domain#MP-CCDFCS,domain#Role_DataFlow
 package#ProcessComms,domain#DF.A.CCDFCS-i.0,DF.A.CCDFCS-i.0,domain#Category-SecondaryThreats,TRUE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Flow of data _Data_ from _FlowsFrom_ to _FlowsTo_ interrupted because _Client_ cannot access _Service_: if client _Client_ cannot access service _Service_, the end to end flow of data _Data_ from _FlowsFrom_ to _FlowsTo_ that uses this client-service connection will be interrupted.",domain#MP-CCDFCS-i,domain#Role_DataFlow
 package#ProcessComms,domain#DF.A.CCDFC-SS-i.0,DF.A.CCDFC-SS-i.0,domain#Category-SecondaryThreats,TRUE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,Flow of data _Data_ from _FlowsFrom_ to _FlowsTo_ interrupted by unavailable process _Client_: if process _Client_ is not available then it will be unable to initiate or forward the flow of _Data_ between _FlowsFrom_ to _FlowsTo_.,domain#MP-CCDFC-SS-i,domain#Role_DataFlow
-package#ProcessComms,domain#DF.A.CCDFSC.6.3,DF.A.CCDFSC.6.3,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Flow of data _Data_ from _FlowsFrom_ to _FlowsTo_ via untrustworthy process _Client_ disabled: if the system operates a policy to disable the flow of data _Data_ from _FlowsFrom_ if there is a perceived loss of trustworthiness in the recipient _Client_, then there will also be a loss of availability if _Client_ is untrustworthy.",domain#MP-CCDFSC,domain#Role_DataFlow
+package#ProcessComms,domain#DF.A.CCDFSC.6.3,DF.A.CCDFSC.6.3,domain#Category-SideEffectsOfSecurity,FALSE,FALSE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Flow of data _Data_ from _FlowsFrom_ to _FlowsTo_ via untrustworthy process _Client_ disabled: if the system operates a policy to disable the flow of data _Data_ from _FlowsFrom_ if there is a perceived loss of trustworthiness in the recipient _Client_, then there will also be a loss of availability if _Client_ is untrustworthy.",domain#MP-CCDFSC,domain#Role_DataFlow
 package#ProcessComms,domain#DF.A.CCDFSC-i.0,DF.A.CCDFSC-i.0,domain#Category-SecondaryThreats,TRUE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Flow of data _Data_ from _FlowsFrom_ to _FlowsTo_ interrupted because _Client_ cannot access _Service_: if client _Client_ cannot access service _Service_, the end to end flow of data _Data_ from _FlowsFrom_ to _FlowsTo_ that uses this client-service connection will be interrupted.",domain#MP-CCDFSC-i,domain#Role_DataFlow
 package#ProcessComms,domain#DF.Auth.CCDFCS.1.3,DF.Auth.CCDFCS.1.3,domain#Category-ExploitationOfImposterPrivileges,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Compromised or impersonated client _Client_ injects fake content into the flow of data _Data_ from _FlowsFrom_ to _FlowsTo_ between _Client_ and _Service_: if an attacker can compromise or impersonate client _Client_, they can inject fake data in messages to _Service_.",domain#MP-CCDFCS,domain#Role_Data
 package#ProcessComms,domain#DF.Auth.CCDFFC.1.6,DF.Auth.CCDFFC.1.6,domain#Category-ExploitationOfPrivileges,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Compromised client _Client_ injects fake content into the encrypted flow of _Data_ to/via _Service_: if an attacker can compromise client _Client_, they can access its cryptographic key and alter data _Data_ flowing between _Client_ and _FlowsTo_.",domain#MP-CCDFFC,domain#Role_DataFlow
@@ -538,15 +538,15 @@ package#VulnerabilityCVSS,domain#DS.C.HDS.4,DS.C.HDS.4,domain#Category-Exploitat
 package#VulnerabilityCVSS,domain#DS.C.HPsACDSrDI.4,DS.C.HPsACDSrDI.4,domain#Category-ExploitationOfVulnerabilityEffects,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Attacker exploit at _Process_ accesses its input _Data_: the attacker is able to exploit a vulnerability in process _Process_, gaining access to the stored copy of _Data_ used by the process on its host device _Host_.",domain#MP-HPsACDSrDI,domain#Role_Data
 package#VulnerabilityCVSS,domain#DS.C.HPsACDSr-pDA.4,DS.C.HPsACDSr-pDA.4,domain#Category-ExploitationOfVulnerabilityEffects,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,Attacker exploit at _Process_ accesses _Data_: the attacker is able to exploit a vulnerability in process _Process_ and gains access to the stored copy of _Data_ on device _Host_ which is served by the process.,domain#MP-HPsACDSr-pDA,domain#Role_Data
 package#VulnerabilityCVSS,domain#H.A.H.4,H.A.H.4,domain#Category-ExploitationOfVulnerabilityEffects,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,Attacker exploit disables _Host_: the attacker exploits a vulnerability in device _Host_ and is able to crash the device.,domain#MP-H,domain#Role_Host
-package#VulnerabilityCVSS,domain#H.E-A.TH.8,H.E-A.TH.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodLow,TRUE,TRUE,"Vulnerability (A) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack on host availability, and may be known to attackers. Only around 4 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-TH,domain#Role_Host
-package#VulnerabilityCVSS,domain#H.E-AU.H.8,H.E-AU.H.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Vulnerability (AU) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack that bypasses authentication, and may be known to attackers. Around 82 percent of vulnerabilities can be accessed without authentication (NVD 2015-2019).",domain#MP-H,domain#Role_Host
-package#VulnerabilityCVSS,domain#H.E-C.TH.8,H.E-C.TH.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryLow,TRUE,TRUE,"Vulnerability (C) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack on data confidentiality, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-TH,domain#Role_Host
-package#VulnerabilityCVSS,domain#H.E-I.TH.8,H.E-I.TH.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryLow,TRUE,TRUE,"Vulnerability (I) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack on data integrity, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-TH,domain#Role_Host
-package#VulnerabilityCVSS,domain#H.E-M.SH.8,H.E-M.SH.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,TRUE,TRUE,"Vulnerability (M) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack gaining admin level access, and may be known to attackers. Around 18 percent of vulnerabilities allow complete control of the vulnerable device (NVD 2015-2019).",domain#MP-SH,domain#Role_Host
-package#VulnerabilityCVSS,domain#H.E-VA.H.8,H.E-VA.H.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryLow,TRUE,TRUE,"Vulnerability (VA) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack from an adjacent network, and may be known to attackers. Under 2 percent of vulnerabilities require low level access from an adjacent network (NVD 2015-2019).",domain#MP-H,domain#Role_Host
-package#VulnerabilityCVSS,domain#H.E-VL.H.8,H.E-VL.H.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,TRUE,TRUE,"Vulnerability (VL) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack by a local user, and may be known to attackers. Around 14 percent of vulnerabilities require local user access to the vulnerable device (NVD 2015-2019).",domain#MP-H,domain#Role_Host
-package#VulnerabilityCVSS,domain#H.E-VN.H.8,H.E-VN.H.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Vulnerability (VN) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack from a remote network, and may be known to attackers. Around 84 percent of vulnerabilities can be accessed from a remote network (NVD 2015-2019).",domain#MP-H,domain#Role_Host
-package#VulnerabilityCVSS,domain#H.E-W.GH.8,H.E-W.GH.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,TRUE,TRUE,"Vulnerability (W) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack by self-propagating malware, and may be known to attackers. Statistics not analysed, but should be less likely than user-level access because someone would need to know about the vulnerability and then develop fully automated and self-propagating malware able to attack it.",domain#MP-GH,domain#Role_Host
+package#VulnerabilityCVSS,domain#H.E-A.TH.8,H.E-A.TH.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodLow,FALSE,TRUE,"Vulnerability (A) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack on host availability, and may be known to attackers. Only around 4 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-TH,domain#Role_Host
+package#VulnerabilityCVSS,domain#H.E-AU.H.8,H.E-AU.H.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Vulnerability (AU) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack that bypasses authentication, and may be known to attackers. Around 82 percent of vulnerabilities can be accessed without authentication (NVD 2015-2019).",domain#MP-H,domain#Role_Host
+package#VulnerabilityCVSS,domain#H.E-C.TH.8,H.E-C.TH.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryLow,FALSE,TRUE,"Vulnerability (C) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack on data confidentiality, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-TH,domain#Role_Host
+package#VulnerabilityCVSS,domain#H.E-I.TH.8,H.E-I.TH.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryLow,FALSE,TRUE,"Vulnerability (I) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack on data integrity, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-TH,domain#Role_Host
+package#VulnerabilityCVSS,domain#H.E-M.SH.8,H.E-M.SH.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,FALSE,TRUE,"Vulnerability (M) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack gaining admin level access, and may be known to attackers. Around 18 percent of vulnerabilities allow complete control of the vulnerable device (NVD 2015-2019).",domain#MP-SH,domain#Role_Host
+package#VulnerabilityCVSS,domain#H.E-VA.H.8,H.E-VA.H.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryLow,FALSE,TRUE,"Vulnerability (VA) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack from an adjacent network, and may be known to attackers. Under 2 percent of vulnerabilities require low level access from an adjacent network (NVD 2015-2019).",domain#MP-H,domain#Role_Host
+package#VulnerabilityCVSS,domain#H.E-VL.H.8,H.E-VL.H.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,FALSE,TRUE,"Vulnerability (VL) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack by a local user, and may be known to attackers. Around 14 percent of vulnerabilities require local user access to the vulnerable device (NVD 2015-2019).",domain#MP-H,domain#Role_Host
+package#VulnerabilityCVSS,domain#H.E-VN.H.8,H.E-VN.H.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Vulnerability (VN) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack from a remote network, and may be known to attackers. Around 84 percent of vulnerabilities can be accessed from a remote network (NVD 2015-2019).",domain#MP-H,domain#Role_Host
+package#VulnerabilityCVSS,domain#H.E-W.GH.8,H.E-W.GH.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,FALSE,TRUE,"Vulnerability (W) discovered at _Host_: software vulnerability found in device _Host_, which could allow an attack by self-propagating malware, and may be known to attackers. Statistics not analysed, but should be less likely than user-level access because someone would need to know about the vulnerability and then develop fully automated and self-propagating malware able to attack it.",domain#MP-GH,domain#Role_Host
 package#VulnerabilityCVSS,domain#H.J.GH.7,H.J.GH.7,domain#Category-ExploitationOfVulnerabilities,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,Malware inserts remote access back door in infected device _Host_: the malware infecting device _Host_ exploits a vulnerability to insert a means for the attacker to remotely access admin privileges on _Host_.,domain#MP-GH,domain#Role_Host
 package#VulnerabilityCVSS,domain#H.L.HAC.4,H.L.HAC.4,domain#Category-ExploitationOfVulnerabilityEffects,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Attacker exploit gains user privileges at _Host_ in location _Space_: the attacker exploits a vulnerability in device _Host_ when it is located in _Space_, and gains user level access to the device in that context.",domain#MP-HAC,domain#Role_Host
 package#VulnerabilityCVSS,domain#H.M.HAC.4,H.M.HAC.4,domain#Category-ExploitationOfVulnerabilityEffects,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,Attacker exploit gains admin rights at _Host_ when it is in location _Space_: the attacker exploits a vulnerability in device _Host_ in context _HostAccess_ and gains control over the device in that context.,domain#MP-HAC,domain#Role_Host
@@ -569,18 +569,18 @@ package#VulnerabilityCVSS,domain#P.A.HuDFrXSS.6,P.A.HuDFrXSS.6,domain#Category-E
 package#VulnerabilityCVSS,domain#P.A.HuDFsXSS.6,P.A.HuDFsXSS.6,domain#Category-ExploitationOfVulnerabilities,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Service _Service_ disabled to prevent XSS attack on _Client_ injected via input _Data_ from _FlowsFrom_: if service _Service_ is disabled to prevent XSS attacks on _Client_ injected via input _Data_ from _FlowsFrom_, then _Service_ will be unavailable.",domain#MP-HuDFsXSS,domain#Role_Service
 package#VulnerabilityCVSS,domain#P.A.HuDSrXSS.6,P.A.HuDSrXSS.6,domain#Category-ExploitationOfVulnerabilities,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Service _Service_ disabled to prevent XSS attack on _Client_ via its input _Data_: if service _Service_ is disabled to prevent XSS attacks using malicious content injected via locally stored inpuut _Data_, this will make the service unavailable.",domain#MP-HuDSrXSS,domain#Role_Service
 package#VulnerabilityCVSS,domain#P.A.HuDSsXSS.6,P.A.HuDSsXSS.6,domain#Category-ExploitationOfVulnerabilities,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Service _Service_ disabled to prevent XSS attack on _Client_ injected via local input _Data_: if service _Service_ is disabled to prevent XSS attacks on _Client_ injected via input _Data_, then _Service_ will be unavailable.",domain#MP-HuDSsXSS,domain#Role_Service
-package#VulnerabilityCVSS,domain#P.E-A.HP-iT.8,P.E-A.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodLow,TRUE,TRUE,"Vulnerability (A) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack on process availability, and may be known to attackers. Only around 4 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-AU.HP-iT.8,P.E-AU.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Vulnerability (AU) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack bypassing authentication, and may be known to attackers. Around 82 percent of vulnerabilities can be accessed without authentication (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-C.HP-iT.8,P.E-C.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryLow,TRUE,TRUE,"Vulnerability (C) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack on data confidentiality, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-I.HP-iT.8,P.E-I.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryLow,TRUE,TRUE,"Vulnerability (I) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack on data integrity, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-M.SHP-iT.8,P.E-M.SHP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,TRUE,TRUE,"Vulnerability (M) discovered at _Process_: software vulnerability found in process _Process_, which could allow admin level access to its host device, and may be known to attackers. Around 18 percent of vulnerabilities allow complete control of the vulnerable device (NVD 2015-2019).",domain#MP-SHP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-QI.HP-iT.8,P.E-QI.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodHigh,TRUE,TRUE,"Vulnerability (QI) discovered at _Process_: software vulnerability found in process _Process_, which could allow injection of queries into a back-end database, and may be known to attackers. Around 3 percent of vulnerabilities relate to query injection, but around 5 percent of all low complexity attacks are of this type (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-U.SHP-iT.8,P.E-U.SHP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodHigh,TRUE,TRUE,"Vulnerability (U) discovered at _Process_: software vulnerability found in process _Process_, which could allow user level access to its host device with the rights of the process, and may be known to attackers. Around 30 percent of vulnerabilities allow local user access to the vulnerable device (NVD 2015-2019).",domain#MP-SHP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-VA.HP-iT.8,P.E-VA.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodLow,TRUE,TRUE,"Vulnerability (VA) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack from an adjacent network, and may be known to attackers. Under 2 percent of vulnerabilities require low level access from an adjacent network (NVD 2015-2019), and presumably the majority are in the O/S (i.e. the host).",domain#MP-HP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-VL.HP-iT.8,P.E-VL.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,TRUE,TRUE,"Vulnerability (VL) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack by a local user, and may be known to attackers. Around 14 percent of vulnerabilities require local user access to the vulnerable device (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-VN.HP-iT.8,P.E-VN.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Vulnerability (VN) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack from a remote network, and may be known to attackers. Around 84 percent of vulnerabilities can be accessed from a remote network (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-W.HP-iT.8,P.E-W.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,TRUE,TRUE,"Vulnerability (W) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack by self-propagating malware, and may be known to attackers. Statistics not analysed, but should be less likely than user-level access because someone would need to know about the vulnerability and then develop fully automated and self-propagating malware able to attack it.",domain#MP-HP-iT,domain#Role_Process
-package#VulnerabilityCVSS,domain#P.E-XS.HP-iT.8,P.E-XS.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,TRUE,TRUE,"Vulnerability (XS) discovered at _Process_: software vulnerability found in process _Process_, which could allow a cross-site scripting attack on a client, and may be known to attackers. Around 14 percent of vulnerabilities relate to cross site scripting, including 32 percent of vulnerabilities relating to medium complexity exploits (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-A.HP-iT.8,P.E-A.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodLow,FALSE,TRUE,"Vulnerability (A) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack on process availability, and may be known to attackers. Only around 4 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-AU.HP-iT.8,P.E-AU.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Vulnerability (AU) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack bypassing authentication, and may be known to attackers. Around 82 percent of vulnerabilities can be accessed without authentication (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-C.HP-iT.8,P.E-C.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryLow,FALSE,TRUE,"Vulnerability (C) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack on data confidentiality, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-I.HP-iT.8,P.E-I.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryLow,FALSE,TRUE,"Vulnerability (I) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack on data integrity, and may be known to attackers. Less than 1 percent of vulnerabilities are specific to this type of action (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-M.SHP-iT.8,P.E-M.SHP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,FALSE,TRUE,"Vulnerability (M) discovered at _Process_: software vulnerability found in process _Process_, which could allow admin level access to its host device, and may be known to attackers. Around 18 percent of vulnerabilities allow complete control of the vulnerable device (NVD 2015-2019).",domain#MP-SHP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-QI.HP-iT.8,P.E-QI.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodHigh,FALSE,TRUE,"Vulnerability (QI) discovered at _Process_: software vulnerability found in process _Process_, which could allow injection of queries into a back-end database, and may be known to attackers. Around 3 percent of vulnerabilities relate to query injection, but around 5 percent of all low complexity attacks are of this type (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-U.SHP-iT.8,P.E-U.SHP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodHigh,FALSE,TRUE,"Vulnerability (U) discovered at _Process_: software vulnerability found in process _Process_, which could allow user level access to its host device with the rights of the process, and may be known to attackers. Around 30 percent of vulnerabilities allow local user access to the vulnerable device (NVD 2015-2019).",domain#MP-SHP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-VA.HP-iT.8,P.E-VA.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodLow,FALSE,TRUE,"Vulnerability (VA) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack from an adjacent network, and may be known to attackers. Under 2 percent of vulnerabilities require low level access from an adjacent network (NVD 2015-2019), and presumably the majority are in the O/S (i.e. the host).",domain#MP-HP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-VL.HP-iT.8,P.E-VL.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,FALSE,TRUE,"Vulnerability (VL) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack by a local user, and may be known to attackers. Around 14 percent of vulnerabilities require local user access to the vulnerable device (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-VN.HP-iT.8,P.E-VN.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodVeryHigh,FALSE,TRUE,"Vulnerability (VN) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack from a remote network, and may be known to attackers. Around 84 percent of vulnerabilities can be accessed from a remote network (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-W.HP-iT.8,P.E-W.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,FALSE,TRUE,"Vulnerability (W) discovered at _Process_: software vulnerability found in process _Process_, which could allow an attack by self-propagating malware, and may be known to attackers. Statistics not analysed, but should be less likely than user-level access because someone would need to know about the vulnerability and then develop fully automated and self-propagating malware able to attack it.",domain#MP-HP-iT,domain#Role_Process
+package#VulnerabilityCVSS,domain#P.E-XS.HP-iT.8,P.E-XS.HP-iT.8,domain#Category-DiscoveryOfVulnerabilies,FALSE,TRUE,domain#LikelihoodMedium,FALSE,TRUE,"Vulnerability (XS) discovered at _Process_: software vulnerability found in process _Process_, which could allow a cross-site scripting attack on a client, and may be known to attackers. Around 14 percent of vulnerabilities relate to cross site scripting, including 32 percent of vulnerabilities relating to medium complexity exploits (NVD 2015-2019).",domain#MP-HP-iT,domain#Role_Process
 package#VulnerabilityCVSS,domain#P.L.HPAC.4,P.L.HPAC.4,domain#Category-ExploitationOfVulnerabilityEffects,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Attacker exploit takes control of _Process_ in _Space_: the attacker exploits a vulnerability in process _Process_ when its host _Host_ is located in _Space_, giving them control of the process behaviour and access to its privileges on _Host_ when in that location.",domain#MP-HPAC,domain#Role_Process
 package#VulnerabilityCVSS,domain#P.V.CCAPNoS.2,P.V.CCAPNoS.2,domain#Category-ExploitationOfVulnerabilities,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Remote authenticated exploit on service _Service_ as _Client_ from _LogicalSubnet_: an attacker able to authenticate to service _Service_ as client _Client_, and with access to _LogicalSubnet_ can exploit a privileged network path to the service to send a message containing malicious content that, after authentication, can exploit a bug in _Service_.",domain#MP-CCAPNoS,domain#Role_Service
 package#VulnerabilityCVSS,domain#P.V.CCCPNaP.2,P.V.CCCPNaP.2,domain#Category-ExploitationOfVulnerabilities,FALSE,FALSE,domain#LikelihoodVeryHigh,TRUE,TRUE,"Remote authenticated exploit on service _Process_ as _Client_ via reverse proxy _Proxy_: an attacker able to authenticate as client _Client_ with back end service _Service_ can send messages containing malicious content via _Proxy_ to _Process_ that, after authentication, can exploit a bug in _Process_.",domain#MP-CCCPNaP,domain#Role_Process