[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-CNA JSON Format Proposal



On 3/28/17 11:17 AM, Waltermire, David A. (Fed) wrote:

>> In a more distributed CVE world, I envision CNAs publishing CVE JSON (...over
>> a standard transport like RSS/Atom...) and users choosing which feeds to
>> consume.  MITRE and any other aggregators could consume all the CNA
>> feeds, hopefully automating that part of the process.
>
> We have been working in the IETF on a profile of ATOMPub called ROLIE
> to support this type of use case. The specification draft is nearing
> publication, so now is a good time to get more review.
>
> The draft can be found here:
> https://datatracker.ietf.org/doc/html/draft-ietf-mile-rolie. Comments
> should be sent to the IETF MILE mailing list (mailto:mile@ietf.org).
>
> Stephen and I have plans to define a ROLIE extension to address the
> vulnerability information type. We would welcome collaborators from
> the CVE board to help us on creating this draft. Please let me know
> if you're interested.

I'd suggest this as an item for the automation group to take up.

 - Art

Page Last Updated or Reviewed: April 05, 2017