[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-CNA JSON Format Proposal



On 4/3/17 2:15 PM, Booth, Harold (Fed) wrote:

> To follow-up on this have your concerns in the ensuing conversation
> been addressed enough? Or what specifically would you like to see in
> order to accept the proposal?

Making ASSIGNER mandatory addresses my concern and I'd accept the proposal.

These other two issues can wait for future discussion and revision:

> 1. Use of vxref for references in CVE:
>
> https://github.com/FIRSTdotorg/vrdx-sig-vxref-wip/blob/master/vxref/schema/vxref_schema_03.json
>
> 2. Assuming CVSS-SIG produces a CVSSv3 JSON spec, include that as an extended/optional part of the CVE spec.

In talking to George about the JSON schemas and Node CVE request form
he's working on, another issue came up.  This may be irrelevant or
something specific to JSON (and not the CVE schema).  Is there any
concern or need to specify that CVE JSON is one blob/record per file?
This might get into the transport question and ATOMPub/ROLIE.

 - Art

Page Last Updated or Reviewed: April 04, 2017