Add version to CWE #660
Thomas Schmidt proposed a motion, as detailed in this OASIS mailing list archive, to add a CWE version to CSAF v2.1 and later data files. Stefan Hagen seconded the motion. There were no discussions or objections raised, and consequently, the motion was automatically passed on November 1, 2023, at 20:00 UTC.
Todos:
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue on May 23, 2024
- addresses parts of oasis-tcs#660
- add `version` as new required field to `cwe`
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue on May 23, 2024
- addresses parts of oasis-tcs#660
- adopt prose to reflect schema
- add CSAF 2.0 to CSAF 2.1 conversion rule
- copy conversion rule to CVRF CSAF converter
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue on May 23, 2024
- addresses parts of oasis-tcs#660
- adopt testdata to reflect current version of the schema
- adopt examples to reflect current version of the schema
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue on May 25, 2024
- addresses parts of oasis-tcs#660
- add invalid examples for 6.1.11
- add valid examples for 6.1.11
- explicitly state in 6.1.11 that CWE Views and Categories are not valid
tschmidtb51 added a commit to tschmidtb51/csaf that referenced this issue on May 25, 2024
- addresses parts of oasis-tcs#530, oasis-tcs#660
- add `/vulnerabilities[]/cwes[]/version` to guidance on size
- add `/vulnerabilities[]/cwes` to guidance on size
- adopt paths to match schema
The CWE list changes over time (see https://cwe.mitre.org/data/archive.html). As we always check against the latest version, this might result in invalid documents over time, e.g., if old CWEs get deprecated. To avoid these issues and aid in validation, we should add a version to CWE and declare a minimum acceptable version.
Here is an example of how this would look:
The JSON schema definition would unfold as: