SecID

A universal grammar for referencing security knowledge.

CVEs, CWEs, ATT&CK techniques, NIST controls, ISO standards, vendor advisories — all referenced the same way, all resolvable to URLs.

SecID MCP Server

Add SecID to your AI assistant as a remote MCP server:

https://secid.cloudsecurityalliance.org/mcp

That's it. No API keys, no local install, no configuration. Works with Claude Desktop, Claude Code, Cursor, Windsurf, and any MCP client that supports remote servers.

Your AI assistant gets three tools (resolve, lookup, describe) and can immediately look up CVEs, CWEs, ATT&CK techniques, NIST controls, and 121 other security knowledge sources.

The Problem

Security knowledge is scattered across dozens of databases. Each has its own ID format, its own website, its own API. There's no universal way to reference "this CVE" or "this NIST control" that works across tools, reports, and conversations.

Copy-pasting CVE-2021-44228 into a report doesn't tell you where to look it up. Which database? MITRE? NVD? Red Hat? All three?

The Solution

SecID gives every piece of security knowledge a structured identifier that resolves to where you can find it:

secid:advisory/mitre.org/cve#CVE-2021-44228
  → https://www.cve.org/CVERecord?id=CVE-2021-44228

secid:weakness/mitre.org/cwe#CWE-79
  → https://cwe.mitre.org/data/definitions/79.html

secid:ttp/mitre.org/attack#T1059.003
  → https://attack.mitre.org/techniques/T1059/003/

secid:control/nist.gov/800-53@r5#AC-1
  → https://csrc.nist.gov/.../AC-1

The format is modeled after Package URL (PURL) — the same grammar that identifies software packages, adapted for security knowledge.

How It Works

secid:type/namespace/name[@version]#subpath

  type       → What kind of thing (advisory, weakness, ttp, control, ...)
  namespace  → Who publishes it (mitre.org, nist.gov, owasp.org, ...)
  name       → Which database/framework (cve, cwe, attack, 800-53, ...)
  @version   → Which edition (optional: @2021, @r5, @4.0)
  #subpath   → The specific item (CVE-2021-44228, CWE-79, T1059.003)

Seven Types of Security Knowledge

advisory

Vulnerability publications — CVEs, vendor advisories, GHSAs, incident reports

secid:advisory/mitre.org/cve#CVE-2024-1234

weakness

Abstract flaw patterns — CWE, OWASP Top 10

secid:weakness/mitre.org/cwe#CWE-79

ttp

Adversary techniques — MITRE ATT&CK, ATLAS, CAPEC

secid:ttp/mitre.org/attack#T1059.003

control

Security requirements — NIST CSF, ISO 27001, CCM, CIS Benchmarks

secid:control/nist.gov/csf@2.0#PR.AC-1

regulation

Laws and legal requirements — GDPR, HIPAA, PCI DSS

secid:regulation/eu/gdpr#Art-32

entity

Organizations, products, services

secid:entity/microsoft.com/azure

reference

Documents, research, identifier systems — arXiv, DOI, RFCs

secid:reference/ietf.org/rfc#RFC-9110

Cross-Source Search

Don't know which database has your identifier? Just give the type and the ID — SecID searches all sources:

secid:advisory/CVE-2024-1234
  → MITRE CVE, NVD, Red Hat, GitHub Advisory, ... (all sources that track this CVE)

Try it in the resolver box above — type secid:advisory/CVE-2024-1234 and see all the sources that know about it.

API

One endpoint, one format:

GET /api/v1/resolve?secid=secid:advisory/mitre.org/cve%23CVE-2021-44228

{
  "secid_query": "secid:advisory/mitre.org/cve#CVE-2021-44228",
  "status": "found",
  "results": [
    {
      "secid": "secid:advisory/mitre.org/cve#CVE-2021-44228",
      "weight": 100,
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    }
  ]
}

The API also supports progressive browsing: query secid:advisory to list all advisory sources, secid:advisory/mitre.org to see what MITRE publishes, and so on.
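
The grammar from How It Works and the resolve request above, as an added Python example (not code from the SecID project): it splits a SecID into its fields and builds the request URL with the # percent-encoded, as in the sample request. Assumptions: the API host is taken from the MCP URL, and parse_secid, resolve_url and the SecID class are hypothetical names. Browsing prefixes are accepted, but the cross-source shorthand (secid:advisory/CVE-2024-1234) is not interpreted, since telling an ID from a namespace needs the registry.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import quote

# The seven types listed on the page.
TYPES = {"advisory", "weakness", "ttp", "control", "regulation", "entity", "reference"}
# Assumption: the resolve API lives on the same host as the MCP URL above.
API_BASE = "https://secid.cloudsecurityalliance.org"


@dataclass(frozen=True)
class SecID:
    type: str
    namespace: Optional[str] = None
    name: Optional[str] = None
    version: Optional[str] = None
    subpath: Optional[str] = None


def parse_secid(text: str) -> SecID:
    """Split secid:type/namespace/name[@version]#subpath into its fields."""
    scheme, colon, rest = text.partition(":")
    if scheme != "secid" or not colon:
        raise ValueError("not a SecID: missing 'secid:' scheme")
    # Cut at the first '#' and keep the subpath verbatim: source IDs such as
    # RHSA-2026:0932 contain ':' and must not be re-split or normalized.
    path, hash_, subpath = rest.partition("#")
    parts = path.split("/", 2)
    if parts[0] not in TYPES:
        raise ValueError(f"unknown SecID type: {parts[0]!r}")
    namespace = parts[1] if len(parts) > 1 else None
    name = version = None
    if len(parts) > 2:
        name, at, ver = parts[2].partition("@")
        version = ver if at else None
    return SecID(parts[0], namespace, name, version, subpath if hash_ else None)


def resolve_url(secid: str, base: str = API_BASE) -> str:
    """Build the GET /api/v1/resolve URL for a SecID string."""
    parse_secid(secid)  # refuse to send anything that is not a SecID
    # '#' must be sent as %23. Left raw, HTTP clients treat everything after
    # it as a URL fragment and drop it, so the server never sees the item ID.
    return f"{base}/api/v1/resolve?secid={quote(secid, safe=':/@')}"


if __name__ == "__main__":
    for s in ("secid:control/nist.gov/800-53@r5#AC-1", "secid:advisory/mitre.org"):
        print(parse_secid(s), resolve_url(s), sep="\n  ")
```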

MCP Server

SecID is available as an MCP (Model Context Protocol) server. See the setup instructions above — it's one URL. AI-first design: responses include context, descriptions, and disambiguation guidance so agents can reason about security knowledge without external documentation.

The Registry

SecID is backed by a curated registry of 121 namespaces across 7 types — covering CVE, CWE, ATT&CK, NIST 800-53, ISO 27001, OWASP, and dozens more.

The registry is open source. Contributions welcome — adding a new source is a single JSON file.

Design Principles

  • Labeling and finding. SecID identifies and locates security knowledge. It doesn't assign IDs, store data, or track relationships — those are separate layers.
  • AI-first, human-legible. Structured for machine reasoning, readable by practitioners.
  • Helpful over correct. Malformed queries get corrected, not rejected. Partial matches return related data. Never a bare error.
  • Follow the source. RHSA-2026:0932 stays RHSA-2026:0932. No mangling, no normalizing, no information loss.
  • Domain-name namespaces. mitre.org, nist.gov, owasp.org — globally unique, self-explanatory, ready for future self-registration via DNS.
