Subject: version range defined in CVE JSON 5.0
Dear members,
We had a short discussion about product version range and how CVE
JSON covers it in our last meeting.
I took a look into the latest CVE JSON 5.0 schema (https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/CVE_JSON_5.0_schema.json). Two simple cases for version range are covered as an optional way:
    "oneOf": [
        {
            "required": ["version", "status"],
            "maxProperties": 2
        },
        {
            "required": ["version", "status", "versionType"],
            "oneOf": [
                {"required": ["lessThan"]},
                {"required": ["lessThanOrEqual"]}
            ]
        }
    ]
Ideally, it would be great if the version info defined in CSAF and CVE JSON 5.0 were the same. But the diversion will happen if "product_version_range" is used in CSAF.
On a positive note, "product_status" in CSAF has more categories than "status" in CVE JSON 5.0, which allows CSAF to provide more value.
Thanks,
--Feng
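
Added example (not part of the original message and not code from the CVE or CSAF projects): a small Python check that models only the "oneOf" fragment quoted above, showing which version entries it accepts as a single version or as a range. The function name classify and the sample entries are assumptions constructed for illustration; the rest of the CVE JSON 5.0 schema is not modelled.

```python
# Models only the quoted "oneOf" fragment, not the full CVE JSON 5.0 schema.

def _has(entry, keys):
    """True when every key in `keys` is present ("required" in JSON Schema)."""
    return all(k in entry for k in keys)


def _one_of(results):
    """JSON Schema "oneOf": exactly one subschema may match."""
    return sum(bool(r) for r in results) == 1


def classify(entry):
    """Return 'single', 'range' or 'invalid' for one version entry (a dict)."""
    # Branch 1: only "version" and "status", nothing else (maxProperties 2).
    single = _has(entry, ["version", "status"]) and len(entry) <= 2
    # Branch 2: needs "versionType" plus exactly one upper bound.
    bound = _one_of(["lessThan" in entry, "lessThanOrEqual" in entry])
    rng = _has(entry, ["version", "status", "versionType"]) and bound
    if not _one_of([single, rng]):
        return "invalid"
    return "single" if single else "range"


# Constructed sample entries (hypothetical values).
SAMPLES = [
    {"version": "1.0.0", "status": "affected"},
    {"version": "1.0.0", "status": "affected",
     "versionType": "semver", "lessThan": "1.2.3"},
    # Both bounds at once: the inner oneOf matches twice, so it is rejected.
    {"version": "1.0.0", "status": "affected", "versionType": "semver",
     "lessThan": "1.2.3", "lessThanOrEqual": "1.2.2"},
    # A bound without versionType matches neither branch.
    {"version": "1.0.0", "status": "affected", "lessThan": "1.2.3"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), sample)
```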