[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-CNA JSON Format Proposal



On 3/21/17 9:36 AM, Booth, Harold (Fed) wrote:

> The working group is proposing that the format available at
> https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md
> be used as the structured format for CNAs to submit CVE information
> effective as soon as the this recommendation has been accepted by the 
> board.

I consider my ASSIGNER question to be a non-accepting issue (pending
further discussion).

A couple other issues that can wait for further revisions:

1. Use of vxref for references in CVE:


https://github.com/FIRSTdotorg/vrdx-sig-vxref-wip/blob/master/vxref/schema/vxref_schema_03.json

2. Assuming CVSS-SIG produces a CVSSv3 JSON spec, include that as an
extended/optional part of the CVE spec.

 - Art


Page Last Updated or Reviewed: March 29, 2017