[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-CNA JSON Format Proposal

So the DWF will require the ASSIGNER, and ideally also the 

"discovered_by":"name of discover",
"discovered_with":"name of parties involved",
"string initial CNA",
"string Parent CNA",
"string root CNA"
would be automatically created as the CVE flows through the CNA chain to the DWF and then MITRE hopefully. 

On Wed, Mar 22, 2017 at 12:52 PM, Art Manion <amanion@cert.org> wrote:
On 3/21/17 9:36 AM, Booth, Harold (Fed) wrote:

> The working group is proposing that the format available at
> https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md
> be used as the structured format for CNAs to submit CVE information
> effective as soon as the this recommendation has been accepted by the board.

This partially came up on today's board call:

Should ASSIGNER be required as part of the minimal example?  I'd say yes.

ASSIGNER is currently an email address, should it be a CNA name?  I'd
say maybe, someone would otherwise have to map email addresses to CNAs.

 - Art

Kurt Seifried

Page Last Updated or Reviewed: March 29, 2017