[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE-CNA JSON Format Proposal
- To: "Booth, Harold (Fed)" <harold.booth@nist.gov>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>, "Theall, George A" <gtheall@mitre.org>
- Subject: Re: CVE-CNA JSON Format Proposal
- From: Art Manion <amanion@cert.org>
- Date: Mon, 3 Apr 2017 16:21:48 -0400
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=cert.org;
- Delivery-date: Mon Apr 3 16:33:34 2017
- In-reply-to: <CY4PR09MB12553CFC040811ED64433DA5E6080@CY4PR09MB1255.namprd09.prod.outlook.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CY4PR09MB1255F37BD20E03336BDE025AE63D0@CY4PR09MB1255.namprd09.prod.outlook.com> <dd9416c4-50fa-79be-2b82-3c83fd532844@cert.org> <CY4PR09MB12553CFC040811ED64433DA5E6080@CY4PR09MB1255.namprd09.prod.outlook.com>
- Sender: "owner-cve-editorial-board-list@lists.mitre.org" <owner-cve-editorial-board-list@lists.mitre.org>
- Thread-index: AdKiRi2B7kRx+mQ9RUypWCI5bCW8bQA/TK8AAlibh+AABIdUAA==
- Thread-topic: CVE-CNA JSON Format Proposal
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
On 4/3/17 2:15 PM, Booth, Harold (Fed) wrote:
> To follow-up on this have your concerns in the ensuing conversation
> been addressed enough? Or what specifically would you like to see in
> order to accept the proposal?
Making ASSIGNER mandatory addresses my concern and I'd accept the proposal.
These other two issues can wait for future discussion and revision:
> 1. Use of vxref for references in CVE:
>
> https://github.com/FIRSTdotorg/vrdx-sig-vxref-wip/blob/master/vxref/schema/vxref_schema_03.json
>
> 2. Assuming CVSS-SIG produces a CVSSv3 JSON spec, include that as an extended/optional part of the CVE spec.
In talking to George about the JSON schemas and Node CVE request form
he's working on, another issue came up. This may be irrelevant or
something specific to JSON (and not the CVE schema). Is there any
concern or need to specify that CVE JSON is one blob/record per file?
This might get into the transport question and ATOMPub/ROLIE.
- Art
> To follow-up on this have your concerns in the ensuing conversation
> been addressed enough? Or what specifically would you like to see in
> order to accept the proposal?
Making ASSIGNER mandatory addresses my concern and I'd accept the proposal.
These other two issues can wait for future discussion and revision:
> 1. Use of vxref for references in CVE:
>
> https://github.com/FIRSTdotorg/vrdx-sig-vxref-wip/blob/master/vxref/schema/vxref_schema_03.json
>
> 2. Assuming CVSS-SIG produces a CVSSv3 JSON spec, include that as an extended/optional part of the CVE spec.
In talking to George about the JSON schemas and Node CVE request form
he's working on, another issue came up. This may be irrelevant or
something specific to JSON (and not the CVE schema). Is there any
concern or need to specify that CVE JSON is one blob/record per file?
This might get into the transport question and ATOMPub/ROLIE.
- Art
- References:
- RE: CVE-CNA JSON Format Proposal
- From: "Booth, Harold (Fed)" <harold.booth@nist.gov>
- RE: CVE-CNA JSON Format Proposal
- Prev by Date: RE: CVE-CNA JSON Format Proposal
- Next by Date: Re: CVE-CNA JSON Format Proposal
- Previous by thread: RE: CVE-CNA JSON Format Proposal
- Next by thread: Re: CVE-CNA JSON Format Proposal
- Index(es):
