[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CNA Rules Announcement



On 2016-10-12 01:43, Chandan Nandakumaraiah wrote:

>> https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/JSON-file-format.md
> 
> I did suggest that this should be considered by the OASIS TC.
> 
>> The protocol is JSON based and can contain typical JSON types, and 
>> text,
>> and point to other files in certain areas (e.g. the artifacts). Long
>> term I want to find a better way to attach/embed data (such as the 
>> SWID
>> in AFFECTS thing). 

Let me take this chance to say:  No hand-jamming JSON or XML. Need tool
support.  I tried two DWF JSON formats by hand (Javascript editor in
browser) and it was horrible.  YAML maybe?

It would be great to see the following efforts aligned, or at least
cross-compatible:

CVRF v.new
CVE minimum viable request
DWF JSON
Red Hat/OpenSSL XML
NIST/NVD ontology
VRDX vxref (only used for references, not a full vulnerability record)
and probably something else I'm forgetting

Minimum viable product and actual use cases.

 - Art


Page Last Updated or Reviewed: October 12, 2016