[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVE-CNA JSON Format Proposal


  To follow-up on this have your concerns in the ensuing conversation 
been addressed enough? Or what specifically would you like to see in 
order to accept the proposal?



-----Original Message-----
From: Art Manion [mailto:amanion@cert.org] 
Sent: Wednesday, March 22, 2017 3:35 PM
To: Booth, Harold (Fed) <harold.booth@nist.gov>; 
Subject: Re: CVE-CNA JSON Format Proposal

On 3/21/17 9:36 AM, Booth, Harold (Fed) wrote:

> The working group is proposing that the format available at 
> https://github.com/CVEProject/automation-working-group/blob/master/cve
> _json_schema/DRAFT-JSON-file-format-v4.md
> be used as the structured format for CNAs to submit CVE information 
> effective as soon as the this recommendation has been accepted by the 
> board.

I consider my ASSIGNER question to be a non-accepting issue (pending 
further discussion).

A couple other issues that can wait for further revisions:

1. Use of vxref for references in CVE:


2. Assuming CVSS-SIG produces a CVSSv3 JSON spec, include that as an 
extended/optional part of the CVE spec.

 - Art

Page Last Updated or Reviewed: April 03, 2017