[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CNA Rules Announcement
- To: Chandan Nandakumaraiah <cbn@juniper.net>, Kurt Seifried <kseifried@redhat.com>
- Subject: Re: CNA Rules Announcement
- From: Art Manion <amanion@cert.org>
- Date: Wed, 12 Oct 2016 09:19:34 -0400
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=cert.org;mitre.org; dkim=none (message not signed) header.d=none;
- Cc: "Booth, Harold (Fed)" <harold.booth@nist.gov>, cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>, cve-cna-list <cve-cna-list@LISTS.MITRE.ORG>
- Delivery-date: Wed Oct 12 17:13:15 2016
- In-reply-to: <251834b1-a008-3d3c-797e-6507ad3082cb@juniper.net>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <MWHPR09MB1485225620B9A4E94B589A85A1C60@MWHPR09MB1485.namprd09.prod.outlook.com> <8958b557-5518-b383-8c2a-fe5089dc25d6@juniper.net> <CY4PR09MB1255129E06A8EEEFBFA9AB4CE6DA0@CY4PR09MB1255.namprd09.prod.outlook.com> <19b176ce-df69-89cd-ed8e-8b2553ec6e28@juniper.net> <CANO=Ty2HwiK-cqLBVShLmtwFVaLizQv9XNNAMMK-4S0zRO_pSA@mail.gmail.com> <251834b1-a008-3d3c-797e-6507ad3082cb@juniper.net>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
- User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
On 2016-10-12 01:43, Chandan Nandakumaraiah wrote: >> https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/JSON-file-format.md > > I did suggest that this should be considered by the OASIS TC. > >> The protocol is JSON based and can contain typical JSON types, and >> text, >> and point to other files in certain areas (e.g. the artifacts). Long >> term I want to find a better way to attach/embed data (such as the >> SWID >> in AFFECTS thing). Let me take this chance to say: No hand-jamming JSON or XML. Need tool support. I tried two DWF JSON formats by hand (Javascript editor in browser) and it was horrible. YAML maybe? It would be great to see the following efforts aligned, or at least cross-compatible: CVRF v.new CVE minimum viable request DWF JSON Red Hat/OpenSSL XML NIST/NVD ontology VRDX vxref (only used for references, not a full vulnerability record) and probably something else I'm forgetting Minimum viable product and actual use cases. - Art
- Follow-Ups:
- Re: CNA Rules Announcement
- From: Kurt Seifried <kseifried@redhat.com>
- Re: CNA Rules Announcement
- References:
- CNA Rules Announcement
- From: "Coffin, Chris" <ccoffin@mitre.org>
- RE: CNA Rules Announcement
- From: "Booth, Harold (Fed)" <harold.booth@nist.gov>
- Re: CNA Rules Announcement
- From: Kurt Seifried <kseifried@redhat.com>
- CNA Rules Announcement
- Prev by Date: Re: CNA Rules Announcement
- Next by Date: Re: CNA Rules Announcement
- Previous by thread: Re: CNA Rules Announcement
- Next by thread: Re: CNA Rules Announcement
- Index(es):
