[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVE-CNA JSON Format Proposal



I am copying my co-author on ROLIE, Stephen Banghart.

> In a more distributed CVE world, I envision CNAs publishing CVE JSON 
> (...over
> a standard transport like RSS/Atom...) and users choosing which feeds 
> to
> consume.  MITRE and any other aggregators could consume all the CNA
> feeds, hopefully automating that part of the process.

We have been working in the IETF on a profile of ATOMPub called ROLIE 
to support this type of use case. The specification draft is nearing 
publication, so now is a good time to get more review. 

The draft can be found here: 
https://datatracker.ietf.org/doc/html/draft-ietf-mile-rolie. Comments 
should be sent to the IETF MILE mailing list (mailto:mile@ietf.org).

Stephen and I have plans to define a ROLIE extension to address the 
vulnerability information type. We would welcome collaborators from the 
CVE board to help us on creating this draft. Please let me know if 
you're interested.

Regards,
Dave

Page Last Updated or Reviewed: March 29, 2017