You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As suggested by @tolim we should analyze how useful and easy it would be to allow references to related or further databases (in addition to the CWE information). Cf. #102 for details.
Proposal:
Poll for use cases among the TC members and possibly via mailing list or this issue
I heard yesterday an interesting presentation about SSVC (Stakeholder-Specific Vulnerability Categorization). This might be interesting but I don't know whether we should try to include it in CSAF 2.0. There is more information available at CERTCC/SSVC. There is also a JSON schema which we could reference (unfortunately draft-04 which becomes deprecated for more and more libs. However, we could suggest to upgrade it to a later version...).
Just a note for posterity but the CVE JSON schema opted for a general-purpose taxonomy object to accommodate things like SSVC or ATT&CK: CVEProject/cve-schema#6. Personally, I prefer explicit attributes instead of general-purpose ones.
As suggested by @tolim we should analyze how useful and easy it would be to allow references to related or further databases (in addition to the CWE information). Cf. #102 for details.
Proposal:
The text was updated successfully, but these errors were encountered: