In a world ruled by chaotic causality, Heisenberg's uncertainty principle is only a natural limitation. Analysts only have their personal logic, experience and intuition to depend on in order to make judgments regarding the safety of a system. However, today's analysts are getting bombarded with large amounts of data coming from all kinds of security-related products, such as vulnerability scanners, anti-viruses, firewalls etc, causing information overload and data congestion. Thus, the question remains: How can analysts make a correct judgment regarding the vulnerabilities from which a system is suffering, especially when all the ammunition he/she possesses can not deal with such a complex, ever-changing environment? To this end, we believe that structuring knowledge/information regarding a specific domain in an object-oriented hierarchy tree, and providing a formal model to reason and construct possible scenarios of attacks, will provide an analyst with the necessary ammunition.