New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify the involvements section (1) #220
Comments
@tolim: What about this use case: A security researcher (let's call him Bob) applies for a CVE and gets it granted by a CERT (let's call that CERT-XY). The vendor (say FooBar) states he is not affected. This brings us to the situation where:
I agree that the latter one is probably unlikely. Having written that example I think I see the problem too. The definition always refer to the vendor instead of referring to the party. |
- addresses part of oasis-tcs#220 and oasis-tcs#221 - add date into involvement section
- addresses part of oasis-tcs#220 and oasis-tcs#221 - rephrase descriptions to be more explicit - replace type with category
- addresses part of oasis-tcs#220 and oasis-tcs#221 - address questions regarding unclear use of vendor
- addresses part of oasis-tcs#220, oasis-tcs#221 and oasis-tcs#195 - add uniqueItems for list of involvements - add test "Multiple Definition in Involvements"
- addresses part of oasis-tcs#220, oasis-tcs#221 and oasis-tcs#195 - add test "Missing Date in Involvements"
After reviewing the pull request, I agree to keep |
Merged into the |
During the review of #205 there were some comments regarding the definitions and explanations use in the
involvements
property:@tolim stated in #205 (comment):
@sthagen replied in #205 (comment):
This issue is used to track the progress and provide a place for discussions.
The text was updated successfully, but these errors were encountered: