[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

MITRE can now accept CVE ID publication notifications formatted in JSON



Greetings,

 

Thanks to the efforts of the CVE Automation Working Group, MITRE can accept CVE ID publication notifications formatted in JSON. This is in addition to using the file formats described in Appendix B of the CNA Rules.

 

The format specification is here:

<https://github.com/CVEProject/automation-working-group/blob/master/cve_json_schema/DRAFT-JSON-file-format-v4.md>

 

The full specification and some examples are listed here:

<https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema>

 

You can submit a request using the JSON format to notify MITRE that a CVE ID entry is ready to be published. You can send this request through the CVE Request form:

 

Choose "Notify CVE about a publication", enter the link to the advisory and CVE IDs in the required fields, and add the JSON-formatted data into the "Additional information and CVE ID description updates" field.

 

Note, you can update multiple CVE IDs with the same request as shown in the "Minimal example needed for CVE [multiple entries]" on the format specification page. 

 

If you have any questions or feedback on the JSON format or its use, please submit that feedback through the CVE Request form or by emailing cve@mitre.org.

 

Thanks, and many thanks to everyone who worked to develop this new format standard.

 

-Dan, for the CVE Team

 

 


Page Last Updated or Reviewed: April 19, 2017