[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-CNA JSON Format Proposal



On 3/22/17 3:31 PM, Kurt Seifried wrote:
> So the DWF will require the ASSIGNER, and ideally also the 
> 
> "source":{

Same questions then for source.  Should ASSIGNER and source be required
in the minimum CVE entry?

What I'm really interested in is who assigned the entry (and is likely
responsible if there are issues) and the (best reasonably available)
source public reference.

Maybe what I'm thinking of is a separate or special case of
"references", or that a minimum entry must contain at least one public
source "references" for the vulnerability.

 - Art

> On Wed, Mar 22, 2017 at 12:52 PM, Art Manion <amanion@cert.org
> <mailto:amanion@cert.org>> wrote:
>
>     Should ASSIGNER be required as part of the minimal example?  I'd 
> say
>     yes.
> 
>     ASSIGNER is currently an email address, should it be a CNA name?  
> I'd
>     say maybe, someone would otherwise have to map email addresses to 
> CNAs.
> 
>      - Art
> 
> 
> 
> 
> -- 
> Kurt Seifried
> kurt@seifried.org <mailto:kurt@seifried.org>


Page Last Updated or Reviewed: March 22, 2017