[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-CNA JSON Format Proposal



So the DWF will require the ASSIGNER, and ideally also the 

"source":{
"discovered_by":"name of discover",
"discovered_with":"name of parties involved",
"verification":"string",
"cna_chain":[
"string initial CNA",
"string Parent CNA",
"string root CNA"
]
},
would be automatically created as the CVE flows through the CNA chain to the DWF and then MITRE hopefully. 

On Wed, Mar 22, 2017 at 12:52 PM, Art Manion <amanion@cert.org> wrote:
On 3/21/17 9:36 AM, Booth, Harold (Fed) wrote:

> The working group is proposing that the format available at
> https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md
> be used as the structured format for CNAs to submit CVE information
> effective as soon as the this recommendation has been accepted by the board.

This partially came up on today's board call:

Should ASSIGNER be required as part of the minimal example?  I'd say yes.

ASSIGNER is currently an email address, should it be a CNA name?  I'd
say maybe, someone would otherwise have to map email addresses to CNAs.

 - Art



--
Kurt Seifried
kurt@seifried.org

Page Last Updated or Reviewed: March 29, 2017