ProductRelease
The ProductRelease asset type in the OWASP Open Asset Model (OAM) represents a specific version or release milestone of a technology product. This asset enables security analysts to track when a product version was introduced, helping to contextualize vulnerabilities, lifecycles, and compatibility considerations.
- Definition: A `ProductRelease` asset identifies a named version or release of a product (e.g., "v2.4.1", "2023 Q1 Patch"). It may optionally include the release date in a standardized format.
- Purpose: Tracking product releases is vital for assessing vulnerability exposure, patch levels, software supply chain integrity, and asset compatibility. This asset type supports fine-grained analysis of software deployment across environments.
- Design Choice: By separating a `ProductRelease` from the broader `Product` asset, the model supports a clean versioning structure that can evolve independently. This separation enables better temporal modeling and historical tracking of asset deployments and vulnerabilities.
In summary, the `ProductRelease` asset type provides version-level granularity for representing software and hardware products, enriching the asset graph for supply chain and lifecycle analysis.
ProductRelease Attributes
Attributes | Type | Required | Description |
---|---|---|---|
`name` | string | | Identifier of the release (e.g., `v1.2.3`, `2024.06`) |
`release_date` | string | | Optional date the release became available (`YYYY-MM-DD`) |
ProductRelease Properties
Property Type | Property Name | Description |
---|---|---|
SimpleProperty | `last_monitored` | Tracks when a data source was last queried regarding this ProductRelease |
SourceProperty | Source Plugin Name | Indicates that the specified data source discovered this ProductRelease |
VulnProperty | Vulnerability ID | Specifies a vulnerability associated with this ProductRelease |
ProductRelease Outgoing Relations
```mermaid
graph TD
    release["ProductRelease (Apache HTTP Server v1.2.3)"]
    ident["Identifier"]
    rel@{ shape: braces, label: "id" }
    release --o rel
    rel --> ident

    url["URL"]
    urlRel@{ shape: braces, label: "website" }
    release --o urlRel
    urlRel --> url
```
Relation Type | Relation Label | Target Assets | Description |
---|---|---|---|
SimpleRelation | `id` | Identifier | Links the ProductRelease to other identifiers, such as a serial number |
SimpleRelation | `website` | URL | Links the ProductRelease to a website with additional information |
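The following added example shows how a consumer might check ProductRelease records against the attribute and outgoing-relation tables above before loading them into an asset graph. It is not code from the Open Asset Model project: the struct, `Decode`, `RelationAllowed` and the sample records are hypothetical, and treating `name` as mandatory is an assumption of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// ProductRelease mirrors the attribute table above (hypothetical struct, not the library's own type).
type ProductRelease struct {
	Name        string `json:"name"`
	ReleaseDate string `json:"release_date,omitempty"` // optional, YYYY-MM-DD
}

// outgoing maps each relation label in the table above to its target asset type.
var outgoing = map[string]string{"id": "Identifier", "website": "URL"}

// Decode parses one JSON record. Assumption: name must be non-empty.
// release_date, when present, must be a real calendar date in YYYY-MM-DD form.
func Decode(raw string) (ProductRelease, error) {
	var p ProductRelease
	if err := json.Unmarshal([]byte(raw), &p); err != nil {
		return p, err
	}
	if p.Name == "" {
		return p, fmt.Errorf("name is empty")
	}
	if p.ReleaseDate != "" {
		if _, err := time.Parse("2006-01-02", p.ReleaseDate); err != nil {
			return p, fmt.Errorf("release_date %q is not YYYY-MM-DD", p.ReleaseDate)
		}
	}
	return p, nil
}

// RelationAllowed reports whether label may link a ProductRelease to target.
func RelationAllowed(label, target string) bool {
	return target != "" && outgoing[label] == target
}

func main() {
	// Constructed sample records, not data from a real scan.
	for _, raw := range []string{`{"name":"v1.2.3","release_date":"2024-06-30"}`,
		`{"name":"2024.06"}`, `{"name":"v1.2.4","release_date":"2024-02-30"}`} {
		p, err := Decode(raw)
		fmt.Printf("%-8s err=%v\n", p.Name, err)
	}
	fmt.Println(RelationAllowed("website", "URL"), RelationAllowed("website", "Identifier"))
}
```

Rejecting malformed or impossible dates at ingestion keeps later comparisons between release dates and vulnerability timelines from silently operating on unparseable strings.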
© 2025 Jeff Foley — Licensed under Apache 2.0.