From 5781af95cf928dd2d373ee7dfb65f047d78e360d Mon Sep 17 00:00:00 2001 From: Kurt Seifried Date: Mon, 8 Jun 2026 11:44:39 -0600 Subject: [PATCH] Normalize hyperscaler parent-company vs cloud-arm entities MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Establishes a consistent, neutral model across all 8 major hyperscalers: the parent corporation and its cloud business are each a distinct entity with its own DNS namespace. Products, services, and CVEs attach under the cloud-arm namespace (e.g. secid:entity/aws.amazon.com/s3). The parent⊃cloud relationship is recorded in notes: cross-references (both directions), pending the future Relationship layer. Fixes: - amazon.com / aws.amazon.com: names were SWAPPED (amazon.com said "Amazon Web Services", aws.amazon.com said "Amazon"). Corrected to "Amazon.com, Inc." and "Amazon Web Services" respectively; moved AWS security-guidance notes onto the AWS record; fixed amazon.com URL to www.amazon.com. - cloud.oracle.com: "Oracle" -> "Oracle Cloud Infrastructure" (common: OCI). - cloud.tencent.com: "Tencent" -> "Tencent Cloud". (Both inherited the parent's name from the CSA-member stub ingestion.) - huawei.com / huaweicloud.com: tidied names + added cross-references. Adds (canonical cloud-arm or missing-parent namespaces): - azure.microsoft.com (Microsoft Azure) - cloud.google.com (Google Cloud) - cloud.ibm.com (IBM Cloud) - alibaba.com (Alibaba Group Holding) + alibabacloud.com (Alibaba Cloud) - tencent.com (Tencent Holdings) Cross-reference notes added to the existing parents (microsoft, google, oracle, ibm) pointing at their cloud arm. Non-destructive: where a parent product catalog already lists the cloud as a child match_node (microsoft.com/azure, oracle.com/cloud), that entry is left intact as a catalog alias; the cloud-arm namespace is the canonical entity. All 2028 registry files validate against the schema; subtype check clean. Co-Authored-By: Claude Opus 4.8 (1M context) --- CLAUDE.md | 4 ++-- README.md | 4 ++-- registry/entity/com/alibaba.json | 20 ++++++++++++++++++++ registry/entity/com/alibabacloud.json | 20 ++++++++++++++++++++ registry/entity/com/amazon.json | 8 ++++---- registry/entity/com/aws.amazon.json | 6 +++--- registry/entity/com/azure.microsoft.json | 20 ++++++++++++++++++++ registry/entity/com/cloud.google.json | 22 ++++++++++++++++++++++ registry/entity/com/cloud.ibm.json | 20 ++++++++++++++++++++ registry/entity/com/cloud.oracle.json | 6 +++--- registry/entity/com/cloud.tencent.json | 4 ++-- registry/entity/com/google.json | 2 +- registry/entity/com/huawei.json | 6 +++--- registry/entity/com/huaweicloud.json | 4 ++-- registry/entity/com/ibm.json | 2 +- registry/entity/com/microsoft.json | 2 +- registry/entity/com/oracle.json | 2 +- registry/entity/com/tencent.json | 20 ++++++++++++++++++++ 18 files changed, 147 insertions(+), 25 deletions(-) create mode 100644 registry/entity/com/alibaba.json create mode 100644 registry/entity/com/alibabacloud.json create mode 100644 registry/entity/com/azure.microsoft.json create mode 100644 registry/entity/com/cloud.google.json create mode 100644 registry/entity/com/cloud.ibm.json create mode 100644 registry/entity/com/tencent.json diff --git a/CLAUDE.md b/CLAUDE.md index 69c04ab..145e0fa 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -271,9 +271,9 @@ All registry namespaces have been converted to JSON format. These `.json` files | Methodology | 23 | | Disclosure | 486 | | Regulation | 49 | -| Entity | 944 | +| Entity | 950 | | Reference | 185 | -| **Total** | **2022** | +| **Total** | **2028** | diff --git a/README.md b/README.md index 18a55e9..3dc935f 100644 --- a/README.md +++ b/README.md @@ -548,9 +548,9 @@ The identifier grammar, type list, and registry format are stable. The resolver | Methodology | 23 | | Disclosure | 486 | | Regulation | 49 | -| Entity | 944 | +| Entity | 950 | | Reference | 185 | -| **Total** | **2022** | +| **Total** | **2028** | diff --git a/registry/entity/com/alibaba.json b/registry/entity/com/alibaba.json new file mode 100644 index 0000000..3605837 --- /dev/null +++ b/registry/entity/com/alibaba.json @@ -0,0 +1,20 @@ +{ + "schema_version": "1.0", + "namespace": "alibaba.com", + "type": "entity", + "status": "draft", + "status_notes": "Hand-curated parent-company record. Note: alibaba.com is also the group's B2B marketplace property; this record represents the corporate parent. Its cloud business is Alibaba Cloud (secid:entity/alibabacloud.com).", + "official_name": "Alibaba Group Holding Limited", + "common_name": "Alibaba", + "alternate_names": null, + "notes": "Parent company. Its cloud computing subsidiary is Alibaba Cloud / Aliyun (secid:entity/alibabacloud.com), where cloud products and CVEs attach. This record identifies the corporate group, not the cloud business.", + "wikidata": null, + "wikipedia": null, + "urls": [ + { + "type": "website", + "url": "https://www.alibaba.com" + } + ], + "match_nodes": [] +} diff --git a/registry/entity/com/alibabacloud.json b/registry/entity/com/alibabacloud.json new file mode 100644 index 0000000..e1b4ab7 --- /dev/null +++ b/registry/entity/com/alibabacloud.json @@ -0,0 +1,20 @@ +{ + "schema_version": "1.0", + "namespace": "alibabacloud.com", + "type": "entity", + "status": "draft", + "status_notes": "Hand-curated cloud-business record, parallel to its parent Alibaba Group (secid:entity/alibaba.com).", + "official_name": "Alibaba Cloud", + "common_name": "Aliyun", + "alternate_names": null, + "notes": "Cloud computing subsidiary of Alibaba Group Holding Limited (secid:entity/alibaba.com). Known as Aliyun in China (aliyun.com). Products and services resolve under this namespace.", + "wikidata": null, + "wikipedia": null, + "urls": [ + { + "type": "website", + "url": "https://www.alibabacloud.com" + } + ], + "match_nodes": [] +} diff --git a/registry/entity/com/amazon.json b/registry/entity/com/amazon.json index 496dab9..debad88 100644 --- a/registry/entity/com/amazon.json +++ b/registry/entity/com/amazon.json @@ -4,16 +4,16 @@ "type": "entity", "status": "draft", "status_notes": null, - "official_name": "Amazon Web Services", - "common_name": "AWS", + "official_name": "Amazon.com, Inc.", + "common_name": "Amazon", "alternate_names": null, - "notes": "AWS publishes security guidance through the Well-Architected Framework, Security Best Practices whitepapers, and service-specific security documentation.", + "notes": "Parent company. Amazon.com, Inc. is the corporation; its cloud computing subsidiary is Amazon Web Services (secid:entity/aws.amazon.com), where cloud products, services, and CVEs attach. This record identifies the corporation, not the cloud business.", "wikidata": null, "wikipedia": null, "urls": [ { "type": "website", - "url": "https://aws.amazon.com/security/" + "url": "https://www.amazon.com" } ], "match_nodes": [] diff --git a/registry/entity/com/aws.amazon.json b/registry/entity/com/aws.amazon.json index 90ae826..c11a268 100644 --- a/registry/entity/com/aws.amazon.json +++ b/registry/entity/com/aws.amazon.json @@ -4,10 +4,10 @@ "type": "entity", "status": "draft", "status_notes": "Auto-generated stub from the CSA public member list (csa-website-members-2026-06-08). Identity is the member's name and primary domain; match_nodes are empty pending human review to add product/service patterns. CSA membership itself is a relationship-layer fact and is intentionally not encoded on this record.", - "official_name": "Amazon", - "common_name": null, + "official_name": "Amazon Web Services", + "common_name": "AWS", "alternate_names": null, - "notes": "Organization sourced from the Cloud Security Alliance public member roster. This entity entry was auto-generated to give each member a parallel identity record; the match_nodes array is empty pending human research into the organization's specific products and services.", + "notes": "Cloud computing subsidiary of Amazon.com, Inc. (secid:entity/amazon.com). AWS publishes security guidance through the Well-Architected Framework, Security Best Practices whitepapers, and service-specific security documentation. Products and services resolve under this namespace, e.g. secid:entity/aws.amazon.com/s3.", "wikidata": null, "wikipedia": null, "urls": [ diff --git a/registry/entity/com/azure.microsoft.json b/registry/entity/com/azure.microsoft.json new file mode 100644 index 0000000..8a9c263 --- /dev/null +++ b/registry/entity/com/azure.microsoft.json @@ -0,0 +1,20 @@ +{ + "schema_version": "1.0", + "namespace": "azure.microsoft.com", + "type": "entity", + "status": "draft", + "status_notes": "Hand-curated to give Microsoft's cloud business a canonical namespace, parallel to its parent Microsoft Corporation (secid:entity/microsoft.com). Also resolvable via the parent product catalog as secid:entity/microsoft.com/azure.", + "official_name": "Microsoft Azure", + "common_name": "Azure", + "alternate_names": null, + "notes": "Cloud computing platform and business of Microsoft Corporation (secid:entity/microsoft.com). This namespace is the canonical home for the cloud business; Azure also appears in the Microsoft product catalog at secid:entity/microsoft.com/azure.", + "wikidata": null, + "wikipedia": null, + "urls": [ + { + "type": "website", + "url": "https://azure.microsoft.com" + } + ], + "match_nodes": [] +} diff --git a/registry/entity/com/cloud.google.json b/registry/entity/com/cloud.google.json new file mode 100644 index 0000000..e988b83 --- /dev/null +++ b/registry/entity/com/cloud.google.json @@ -0,0 +1,22 @@ +{ + "schema_version": "1.0", + "namespace": "cloud.google.com", + "type": "entity", + "status": "draft", + "status_notes": "Hand-curated to give Google's cloud business a canonical namespace, parallel to its parent Google LLC (secid:entity/google.com).", + "official_name": "Google Cloud", + "common_name": "GCP", + "alternate_names": [ + "Google Cloud Platform" + ], + "notes": "Cloud computing business of Google LLC (secid:entity/google.com). Products and services resolve under this namespace.", + "wikidata": null, + "wikipedia": null, + "urls": [ + { + "type": "website", + "url": "https://cloud.google.com" + } + ], + "match_nodes": [] +} diff --git a/registry/entity/com/cloud.ibm.json b/registry/entity/com/cloud.ibm.json new file mode 100644 index 0000000..2182294 --- /dev/null +++ b/registry/entity/com/cloud.ibm.json @@ -0,0 +1,20 @@ +{ + "schema_version": "1.0", + "namespace": "cloud.ibm.com", + "type": "entity", + "status": "draft", + "status_notes": "Hand-curated to give IBM's cloud business a canonical namespace, parallel to its parent IBM (secid:entity/ibm.com).", + "official_name": "IBM Cloud", + "common_name": null, + "alternate_names": null, + "notes": "Cloud computing business of International Business Machines Corporation (secid:entity/ibm.com). Products and services resolve under this namespace.", + "wikidata": null, + "wikipedia": null, + "urls": [ + { + "type": "website", + "url": "https://cloud.ibm.com" + } + ], + "match_nodes": [] +} diff --git a/registry/entity/com/cloud.oracle.json b/registry/entity/com/cloud.oracle.json index dc093b9..6ba3c43 100644 --- a/registry/entity/com/cloud.oracle.json +++ b/registry/entity/com/cloud.oracle.json @@ -4,10 +4,10 @@ "type": "entity", "status": "draft", "status_notes": "Auto-generated stub from the CSA public member list (csa-website-members-2026-06-08). Identity is the member's name and primary domain; match_nodes are empty pending human review to add product/service patterns. CSA membership itself is a relationship-layer fact and is intentionally not encoded on this record.", - "official_name": "Oracle", - "common_name": null, + "official_name": "Oracle Cloud Infrastructure", + "common_name": "OCI", "alternate_names": null, - "notes": "Organization sourced from the Cloud Security Alliance public member roster. This entity entry was auto-generated to give each member a parallel identity record; the match_nodes array is empty pending human research into the organization's specific products and services.", + "notes": "Oracle's cloud computing business, a division of Oracle Corporation (secid:entity/oracle.com). Also resolvable via the parent product catalog as secid:entity/oracle.com/cloud; this namespace is the canonical home for the cloud business.", "wikidata": null, "wikipedia": null, "urls": [ diff --git a/registry/entity/com/cloud.tencent.json b/registry/entity/com/cloud.tencent.json index 5f79d02..3e37d96 100644 --- a/registry/entity/com/cloud.tencent.json +++ b/registry/entity/com/cloud.tencent.json @@ -4,10 +4,10 @@ "type": "entity", "status": "draft", "status_notes": "Auto-generated stub from the CSA public member list (csa-website-members-2026-06-08). Identity is the member's name and primary domain; match_nodes are empty pending human review to add product/service patterns. CSA membership itself is a relationship-layer fact and is intentionally not encoded on this record.", - "official_name": "Tencent", + "official_name": "Tencent Cloud", "common_name": null, "alternate_names": null, - "notes": "Organization sourced from the Cloud Security Alliance public member roster. This entity entry was auto-generated to give each member a parallel identity record; the match_nodes array is empty pending human research into the organization's specific products and services.", + "notes": "Cloud computing business of Tencent Holdings Limited (secid:entity/tencent.com). Products and services resolve under this namespace.", "wikidata": null, "wikipedia": null, "urls": [ diff --git a/registry/entity/com/google.json b/registry/entity/com/google.json index 0d5786a..f3d7191 100644 --- a/registry/entity/com/google.json +++ b/registry/entity/com/google.json @@ -8,7 +8,7 @@ "official_name": "Google LLC", "common_name": "Google", "alternate_names": null, - "notes": "Google operates several security initiatives including the Open Source Vulnerabilities database (OSV), Project Zero security research team, and oss-fuzz continuous fuzzing for open source software.", + "notes": "Google operates several security initiatives including the Open Source Vulnerabilities database (OSV), Project Zero security research team, and oss-fuzz continuous fuzzing for open source software. Its cloud computing business is Google Cloud (secid:entity/cloud.google.com).", "wikidata": ["Q95"], "wikipedia": null, diff --git a/registry/entity/com/huawei.json b/registry/entity/com/huawei.json index 0ebfcae..d5120cb 100644 --- a/registry/entity/com/huawei.json +++ b/registry/entity/com/huawei.json @@ -4,10 +4,10 @@ "type": "entity", "status": "draft", "status_notes": "Auto-generated stub from CVE CNA disclosure data. Identity metadata copied from the matching disclosure entry; match_nodes are empty pending human review to add product/service patterns. See companion secid:disclosure/huawei.com/cna for the vulnerability-reporting program.", - "official_name": "Huawei Technologies", - "common_name": null, + "official_name": "Huawei Technologies Co., Ltd.", + "common_name": "Huawei", "alternate_names": null, - "notes": "Organization with a CVE Numbering Authority (CNA) disclosure program. See secid:disclosure/huawei.com/cna for vulnerability-reporting channels and contacts. This entity entry was auto-generated to ensure each CNA-vendor has a parallel identity record; the match_nodes array is empty pending human research into the vendor's specific products and services.", + "notes": "Parent company. Its cloud computing business is Huawei Cloud (secid:entity/huaweicloud.com). Operates a CVE Numbering Authority (CNA) disclosure program — see secid:disclosure/huawei.com/cna for vulnerability-reporting channels and contacts.", "wikidata": null, "wikipedia": null, "urls": [ diff --git a/registry/entity/com/huaweicloud.json b/registry/entity/com/huaweicloud.json index affd3a2..047d64c 100644 --- a/registry/entity/com/huaweicloud.json +++ b/registry/entity/com/huaweicloud.json @@ -5,9 +5,9 @@ "status": "draft", "status_notes": "Auto-generated stub from the CSA public member list (csa-website-members-2026-06-08). Identity is the member's name and primary domain; match_nodes are empty pending human review to add product/service patterns. CSA membership itself is a relationship-layer fact and is intentionally not encoded on this record.", "official_name": "Huawei Cloud Computing Technologies Co., Ltd.", - "common_name": null, + "common_name": "Huawei Cloud", "alternate_names": null, - "notes": "Organization sourced from the Cloud Security Alliance public member roster. This entity entry was auto-generated to give each member a parallel identity record; the match_nodes array is empty pending human research into the organization's specific products and services.", + "notes": "Cloud computing subsidiary of Huawei Technologies Co., Ltd. (secid:entity/huawei.com). Products and services resolve under this namespace.", "wikidata": null, "wikipedia": null, "urls": [ diff --git a/registry/entity/com/ibm.json b/registry/entity/com/ibm.json index ea13ed5..f5f2024 100644 --- a/registry/entity/com/ibm.json +++ b/registry/entity/com/ibm.json @@ -9,7 +9,7 @@ "alternate_names": [ "International Business Machines" ], - "notes": "IBM publishes AI governance frameworks and security guidance.", + "notes": "IBM publishes AI governance frameworks and security guidance. Its cloud computing business is IBM Cloud (secid:entity/cloud.ibm.com).", "wikidata": null, "wikipedia": null, "urls": [ diff --git a/registry/entity/com/microsoft.json b/registry/entity/com/microsoft.json index 6fb7d5f..71232c1 100644 --- a/registry/entity/com/microsoft.json +++ b/registry/entity/com/microsoft.json @@ -8,7 +8,7 @@ "official_name": "Microsoft Corporation", "common_name": "Microsoft", "alternate_names": null, - "notes": "Technology company providing operating systems, cloud services, productivity software, and security solutions. Acquired GitHub (2018), LinkedIn (2016), Nuance (2022). Operates comprehensive security programs including MSRC (Patch Tuesday releases), Microsoft Threat Intelligence Center (MSTIC), and multiple bug bounty programs.", + "notes": "Technology company providing operating systems, cloud services, productivity software, and security solutions. Acquired GitHub (2018), LinkedIn (2016), Nuance (2022). Operates comprehensive security programs including MSRC (Patch Tuesday releases), Microsoft Threat Intelligence Center (MSTIC), and multiple bug bounty programs. Its cloud computing business is Microsoft Azure (secid:entity/azure.microsoft.com).", "wikidata": ["Q2283"], "wikipedia": null, "established": 1975, diff --git a/registry/entity/com/oracle.json b/registry/entity/com/oracle.json index b2611ed..eb861ec 100644 --- a/registry/entity/com/oracle.json +++ b/registry/entity/com/oracle.json @@ -10,7 +10,7 @@ "official_name": "Oracle Corporation", "common_name": "Oracle", "alternate_names": null, - "notes": "Major enterprise software company. Products include Oracle Database, Java SE, WebLogic, MySQL, Oracle Cloud, Oracle Linux. Releases security patches quarterly through Critical Patch Updates (CPUs).", + "notes": "Major enterprise software company. Products include Oracle Database, Java SE, WebLogic, MySQL, Oracle Cloud, Oracle Linux. Releases security patches quarterly through Critical Patch Updates (CPUs). Its cloud computing business is Oracle Cloud Infrastructure (secid:entity/cloud.oracle.com).", "wikidata": null, "wikipedia": null, diff --git a/registry/entity/com/tencent.json b/registry/entity/com/tencent.json new file mode 100644 index 0000000..802836b --- /dev/null +++ b/registry/entity/com/tencent.json @@ -0,0 +1,20 @@ +{ + "schema_version": "1.0", + "namespace": "tencent.com", + "type": "entity", + "status": "draft", + "status_notes": "Hand-curated parent-company record, parallel to its cloud business Tencent Cloud (secid:entity/cloud.tencent.com).", + "official_name": "Tencent Holdings Limited", + "common_name": "Tencent", + "alternate_names": null, + "notes": "Parent company. Its cloud computing business is Tencent Cloud (secid:entity/cloud.tencent.com), where cloud products and CVEs attach. This record identifies the corporation, not the cloud business.", + "wikidata": null, + "wikipedia": null, + "urls": [ + { + "type": "website", + "url": "https://www.tencent.com" + } + ], + "match_nodes": [] +}