CVE Automation Working Group Recommendation - 01-17-2017


CVE Automation Working Group Recommendation - 01-17-2017

Booth, Harold (Fed)

Proposed Recommendation

A working draft of the JSON format will be put forth on January 31st followed by a 30-day comment period. The working draft will start from the schema currently at https://github.com/distributedweaknessfiling/DWF-Documentation/blob/master/JSON-file-format-v4.md and will be published at  https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema. At the end of the comment period after addressing any comments, a final version will be produced that will be used by MITRE and the CNAs for the purpose of receiving CNA submissions. Work will continue to evolve the format to address additional use cases.

 

Response Period: One Week:  January 26, 2017

 


Re: CVE Automation Working Group Recommendation - 01-17-2017

Kurt Seifried


On Thu, Jan 19, 2017 at 7:52 AM, Booth, Harold (Fed) <[hidden email]> wrote:

Proposed Recommendation

A working draft of the JSON format will be put forth on January 31st followed by a 30-day comment period. The working draft will start from the schema currently at https://github.com/distributedweaknessfiling/DWF-Documentation/blob/master/JSON-file-format-v4.md and will be published at  https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema. At the end of the comment period after addressing any comments, a final version will be produced that will be used by MITRE and the CNAs for the purpose of receiving CNA submissions. Work will continue to evolve the format to address additional use cases.


Please note it's not yet done, I got the basic structural changes done and documented (essentially all the new stuff), I need to merge in the version 3 JSON stuff now (e.g. how we do CVSSv2/3 and things like that). 
 

 

Response Period: One Week:  January 26, 2017

 




--

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: [hidden email]

Re: CVE Automation Working Group Recommendation - 01-17-2017

Landfield, Kent B

Do you have a timeline so we have the time to review it?  Otherwise we may want to push out the Response period.

 

---

Kent Landfield

+1.817.637.8026

 

From: <[hidden email]> on behalf of Kurt Seifried <[hidden email]>
Date: Thursday, January 19, 2017 at 9:25 AM
To: "Booth, Harold (Fed)" <[hidden email]>
Cc: "[hidden email]" <[hidden email]>
Subject: Re: CVE Automation Working Group Recommendation - 01-17-2017

 

 

 

On Thu, Jan 19, 2017 at 7:52 AM, Booth, Harold (Fed) <[hidden email]> wrote:

Proposed Recommendation

A working draft of the JSON format will be put forth on January 31st followed by a 30-day comment period. The working draft will start from the schema currently at https://github.com/distributedweaknessfiling/DWF-Documentation/blob/master/JSON-file-format-v4.md and will be published at  https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema. At the end of the comment period after addressing any comments, a final version will be produced that will be used by MITRE and the CNAs for the purpose of receiving CNA submissions. Work will continue to evolve the format to address additional use cases.

 

Please note it's not yet done, I got the basic structural changes done and documented (essentially all the new stuff), I need to merge in the version 3 JSON stuff now (e.g. how we do CVSSv2/3 and things like that). 

 

 

Response Period: One Week:  January 26, 2017

 



 

--

 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
[hidden email]


RE: CVE Automation Working Group Recommendation - 01-17-2017

Booth, Harold (Fed)

Please note the recommendation below was about the process to get to the final schema and not about the final schema itself. I would hope that the comments collection process would allow for the addressing of issues to allow for an acceptable final schema.

 

-Harold

 

From: Landfield, Kent B [mailto:[hidden email]]
Sent: Thursday, January 19, 2017 10:33 AM
To: Kurt Seifried <[hidden email]>; Booth, Harold (Fed) <[hidden email]>
Cc: [hidden email]
Subject: Re: CVE Automation Working Group Recommendation - 01-17-2017

 

Do you have a timeline so we have the time to review it?  Otherwise we may want to push out the Response period.

 

---

Kent Landfield

+1.817.637.8026

 

From: <[hidden email]> on behalf of Kurt Seifried <[hidden email]>
Date: Thursday, January 19, 2017 at 9:25 AM
To: "Booth, Harold (Fed)" <[hidden email]>
Cc: "[hidden email]" <[hidden email]>
Subject: Re: CVE Automation Working Group Recommendation - 01-17-2017

 

 

 

On Thu, Jan 19, 2017 at 7:52 AM, Booth, Harold (Fed) <[hidden email]> wrote:

Proposed Recommendation

A working draft of the JSON format will be put forth on January 31st followed by a 30-day comment period. The working draft will start from the schema currently at https://github.com/distributedweaknessfiling/DWF-Documentation/blob/master/JSON-file-format-v4.md and will be published at  https://github.com/CVEProject/automation-working-group/tree/master/cve_json_schema. At the end of the comment period after addressing any comments, a final version will be produced that will be used by MITRE and the CNAs for the purpose of receiving CNA submissions. Work will continue to evolve the format to address additional use cases.

 

Please note it's not yet done, I got the basic structural changes done and documented (essentially all the new stuff), I need to merge in the version 3 JSON stuff now (e.g. how we do CVSSv2/3 and things like that). 

 

 

Response Period: One Week:  January 26, 2017

 



 

--

 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: 
[hidden email]


Re: CVE Automation Working Group Recommendation - 01-17-2017

Landfield, Kent B

Got it.  Makes sense.  Thanks.

 

---

Kent Landfield

+1.817.637.8026

 

From: "Booth, Harold (Fed)" <[hidden email]>
Date: Thursday, January 19, 2017 at 9:51 AM
To: Kent Landfield <[hidden email]>, Kurt Seifried <[hidden email]>
Cc: "[hidden email]" <[hidden email]>
Subject: RE: CVE Automation Working Group Recommendation - 01-17-2017

 

Please note the recommendation below was about the process to get to the final schema and not about the final schema itself. I would hope that the comments collection process would allow for the addressing of issues to allow for an acceptable final schema.

 

-Harold

 
