[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVE Automation Working Group Recommendation - 01-17-2017

Please note the recommendation below was about the process to get to the final schema and not about the final schema itself. I would hope that the comments collection process would allow for the addressing of issues to allow for an acceptable final schema.




From: Landfield, Kent B [mailto:kent.b.landfield@intel.com]
Sent: Thursday, January 19, 2017 10:33 AM
To: Kurt Seifried <kseifried@redhat.com>; Booth, Harold (Fed) <harold.booth@nist.gov>
Cc: cve-editorial-board-list@lists.mitre.org
Subject: Re: CVE Automation Working Group Recommendation - 01-17-2017


Do you have a timeline so we have the time to review it?  Otherwise we may want to push out the Response period.



Kent Landfield



From: <owner-cve-editorial-board-list@lists.mitre.org> on behalf of Kurt Seifried <kseifried@redhat.com>
Date: Thursday, January 19, 2017 at 9:25 AM
To: "Booth, Harold (Fed)" <harold.booth@nist.gov>
Cc: "cve-editorial-board-list@lists.mitre.org" <cve-editorial-board-list@lists.mitre.org>
Subject: Re: CVE Automation Working Group Recommendation - 01-17-2017




On Thu, Jan 19, 2017 at 7:52 AM, Booth, Harold (Fed) <harold.booth@nist.gov> wrote:

Proposed Recommendation

A working draft of the JSON format will be put forth on January 31st followed by a 30-day comment period. The working draft will start from the schema currently at https://github.com/distributedweaknessfiling/DWF-Documentation/blob/master/JSON-file-format-v4.md and will be published at  https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema. At the end of the comment period after addressing any comments, a final version will be produced that will be used by MITRE and the CNAs for the purpose of receiving CNA submissions. Work will continue to evolve the format to address additional use cases.


Please note it's not yet done, I got the basic structural changes done and documented (essentially all the new stuff), I need to merge in the version 3 JSON stuff now (e.g. how we do CVSSv2/3 and things like that). 



Response Period: One Week:  January 26, 2017





Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 

Page Last Updated or Reviewed: January 19, 2017