RE: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation

["Theall, George A" <gtheall@mitre.org>]

Hi Kent,

Exactly. The comes from the draft 4.0 spec; eg, see the minimal 
structure needed for CVE examples.

George

-----Original Message-----
From: Landfield, Kent [mailto:Kent_Landfield@McAfee.com] 
Sent: Monday, April 02, 2018 9:18 AM
To: Theall, George A <gtheall@mitre.org>; cve-editorial-board-list 
<cve-editorial-board-list@lists.mitre.org>
Cc: cve-board-auto-list <cve-board-auto-list@lists.mitre.org>
Subject: Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's 
Participation

Hi George, 

 

Quick question. For the language used, are we focusing on the three 
letter ISO 639-2 as the basis for language representation?  I did not 
see that anywhere (but I really didn’t look that hard…)

 

Thank you, Gracias, Grazie,  谢谢, Merci!, Спасибо!, Danke!, ありがとう, 
धन्यवाद!

-- 

Kent Landfield

+1.817.637.8026

kent_landfield@mcafee.com

 

From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of 
"Theall, George A" <gtheall@mitre.org>
Date: Friday, March 30, 2018 at 11:09 AM
To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
Cc: cve-board-auto-list <cve-board-auto-list@lists.mitre.org>
Subject: RE: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's 
Participation

 

After further discussion, we have minor changes to the original 
proposal -- instead of "source", an attribute named "refsource" will be 
used for the reference source, and the "name" attribute will be 
populated for all sources, even "CONFIRM" and "MISC". 

 

Attached is an example of the JSON for CVE-2017-5753 using the modified 
proposal.

 

If there are concerns from members of the Board, please let us know and 
we will discuss in the call next Wednesday. Absent any sustained 
objections, we are looking to put the changes into effect next Thursday.

 

George

 

-----Original Message-----

From: owner-cve-editorial-board-list@lists.mitre.org 
<mailto:owner-cve-editorial-board-list@lists.mitre.org>  
[mailto:owner-cve-editorial-board-list@lists.mitre.org 
<mailto:owner-cve-editorial-board-list@lists.mitre.org> ] On Behalf Of 
Theall, George A

Sent: Thursday, March 01, 2018 7:51 AM

To: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org 
<mailto:cve-editorial-board-list@lists.mitre.org> >

Cc: cve-board-auto-list <cve-board-auto-list@lists.mitre.org 
<mailto:cve-board-auto-list@lists.mitre.org> >

Subject: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's 
Participation

 

To support NVD's participation in the git pilot, MITRE proposes to add 
one or two attributes to reference objects in the CVE JSON files in the 
cvelist repo, which will allow NIST to regenerate the CVE List from the 
repo rather than having to rely on an older download file 
(allitems.xml). Specifically, we propose to add the following 
attributes :

 

 

- "source", which represents the source of the reference. It will have 
one of the values listed at https://cve.mitre.org/data/refs/#sources 
<https://cve.mitre.org/data/refs/#sources> ; eg, "CERT-VN", "CISCO", 
"CONFIRM", "REDHAT", etc.

 

 

- "name", which is a string that helps identify the reference among 
others in the same source; eg, "VU#584653" (for CERT-CC), "20180104 CPU 
Side-Channel Information Disclosure Vulnerabilities" (for "CISCO") 
"RHSA-2018:0292" (for "REDHAT"), etc. Note that, while MITRE uses the 
reference URL as the name for the "CONFIRM" and "MISC" sources in the 
CVE List, we plan to omit this attribute for those two sources.

 

 

If there are objections from anyone on the Board list, please let us 
know and we will discuss in the next call. Otherwise, we will proceed 
with the change and implement early next week

 

 

 

George

 

--

 

gtheall@mitre.org <mailto:gtheall@mitre.org> 

 

The MITRE Corporation