
Re: CNA Rules Announcement



For some time the upstreams I've been involved with have used yet another mechanism for listing vulnerabilities, a custom XML:

https://httpd.apache.org/security/vulnerabilities-httpd.xml
https://www.openssl.org/news/vulnerabilities.xml

These are the source documents; the idea being this is easily automatically converted by stylesheets to web pages for those projects, as well as allowing conversion to CVRF or whatever-Mitre-wants given the new CNA rules.

We're not averse to changing these to some other format, and have already been looking at switching to CVRF for the base in OpenSSL, for example.

Mark


Page Last Updated or Reviewed: October 12, 2016