[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE Automation Working Group Recommendation - 01-17-2017

Do you have a timeline so we have the time to review it?  Otherwise we may want to push out the Response period.



Kent Landfield



From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of Kurt Seifried <kseifried@redhat.com>
Date: Thursday, January 19, 2017 at 9:25 AM
To: "Booth, Harold (Fed)" <harold.booth@nist.gov>
Cc: "cve-editorial-board-list@lists.mitre.org" <cve-editorial-board-list@lists.mitre.org>
Subject: Re: CVE Automation Working Group Recommendation - 01-17-2017




On Thu, Jan 19, 2017 at 7:52 AM, Booth, Harold (Fed) <harold.booth@nist.gov> wrote:

Proposed Recommendation

A working draft of the JSON format will be put forth on January 31st followed by a 30-day comment period. The working draft will start from the schema currently at https://github.com/distributedweaknessfiling/DWF-Documentation/blob/master/JSON-file-format-v4.md and will be published at  https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema. At the end of the comment period after addressing any comments, a final version will be produced that will be used by MITRE and the CNAs for the purpose of receiving CNA submissions. Work will continue to evolve the format to address additional use cases.


Please note it's not yet done, I got the basic structural changes done and documented (essentially all the new stuff), I need to merge in the version 3 JSON stuff now (e.g. how we do CVSSv2/3 and things like that). 



Response Period: One Week:  January 26, 2017





Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 

Page Last Updated or Reviewed: January 19, 2017