
csaf message



Subject: [OASIS Issue Tracker] (CSAF-29) Decide on the degree of constraints fulfilled by CSAF CVRF snippets proxying CVSS content


Stefan Hagen created CSAF-29:
--------------------------------

             Summary: Decide on the degree of constraints fulfilled by CSAF CVRF snippets proxying CVSS content
                 Key: CSAF-29
                 URL: https://issues.oasis-open.org/browse/CSAF-29
             Project: OASIS Common Security Advisory Framework (CSAF) TC
          Issue Type: Task
         Environment: [Proposed]
            Reporter: Stefan Hagen


We should decide on the degree up to which we mirror / enforce constraints from proxied domain solutions / rule sets.

Sample: CVSS

A sample draft for a JSON schema of CVSS v3 has been sent to this list, which indicates that not only the BaseScore but also the Vector is a required element of such a "CVSS" document.

To maintain version-overarching robust embedding and at the same time allow round-trip transport of foreign-defined "snippets", we should decide on what we enforce (and ideally as a general guideline for all "referred" / proxied domain "snippets").

It is further suggested to always start considering the envisioned CSAF version 2.0 as format agnostic (at least XML and JSON) with any decisions on ordering, cardinality, containment rules etc., so as not to build up technical debt and to avoid format-biased architectural decisions.




--
This message was sent by Atlassian JIRA
(v6.2.2#6258)

