[EXT] Re: CVE User Registry Kick off meeting

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[EXT] Re: CVE User Registry Kick off meeting

Kurt Seifried-2
I'm going to suggest we put the CVE User Registry on hold since  it appears to have minimal interest (just myself and Chandan). Does anyone strongly object (and want to step in?). 

On Fri, Jan 25, 2019 at 2:08 PM Chandan B N <[hidden email]> wrote:


On Fri, Jan 25, 2019 at 11:33 AM Kurt Seifried <[hidden email]> wrote:
Part of the initial format is making it easily extensible/changeable, I want to see what the market decides to add/etc. OTOH I may be overly optimistic, this flexibility hasn't been used with the CVE JSON format as hoped. 

Completely agree that it should be extensible and changeable.
IMHO starting with a simpler format and structure makes it easy to extend and change, easy for adoption and use.
Complicated JSON (mixed object arrays) makes it harder to change and extend (and use).
i.e if I add a different type of object to that mixed object array, it may fail some schema validation

Thanks,
-Chandan
 
On Wed, Jan 16, 2019 at 5:32 PM Chandan B N <[hidden email]> wrote:
Hi Kurt,

Some feedback on the JSON inline:

On Mon, Jan 7, 2019 at 12:02 PM Kurt Seifried <[hidden email]> wrote:

Arrays of different object types are difficult to deal with (eg., CVE_user_data_properties and CVE_user_data_capabilities).
That kinda defeats the advantage of NoSQL simplicity. Queries would become unnecessarily complex.

Suggested simplifications are here

Starting the data modeling with a mindmap may help keep elements organized and reduce complexity.

Thanks,
-Chandan


--
Kurt Seifried
[hidden email]


--
Kurt Seifried
[hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: [EXT] Re: CVE User Registry Kick off meeting

Levendis, Chris
It should move forward now as it is a core part of the infrastructure services. 

MITRE can step up if that’s helpful. 

C


Sent with BlackBerry Work
(www.blackberry.com)

From: Kurt Seifried <[hidden email]>
Date: Sunday, Feb 03, 2019, 10:54 PM
To: Chandan B N <[hidden email]>, CVE Editorial Board Discussion <[hidden email]>
Subject: [EXT] Re: CVE User Registry Kick off meeting

I'm going to suggest we put the CVE User Registry on hold since  it appears to have minimal interest (just myself and Chandan). Does anyone strongly object (and want to step in?). 

On Fri, Jan 25, 2019 at 2:08 PM Chandan B N <[hidden email]> wrote:


On Fri, Jan 25, 2019 at 11:33 AM Kurt Seifried <[hidden email]> wrote:
Part of the initial format is making it easily extensible/changeable, I want to see what the market decides to add/etc. OTOH I may be overly optimistic, this flexibility hasn't been used with the CVE JSON format as hoped. 

Completely agree that it should be extensible and changeable.
IMHO starting with a simpler format and structure makes it easy to extend and change, easy for adoption and use.
Complicated JSON (mixed object arrays) makes it harder to change and extend (and use).
i.e if I add a different type of object to that mixed object array, it may fail some schema validation

Thanks,
-Chandan
 
On Wed, Jan 16, 2019 at 5:32 PM Chandan B N <[hidden email]> wrote:
Hi Kurt,

Some feedback on the JSON inline:

On Mon, Jan 7, 2019 at 12:02 PM Kurt Seifried <[hidden email]> wrote:

Arrays of different object types are difficult to deal with (eg., CVE_user_data_properties and CVE_user_data_capabilities).
That kinda defeats the advantage of NoSQL simplicity. Queries would become unnecessarily complex.

Suggested simplifications are here

Starting the data modeling with a mindmap may help keep elements organized and reduce complexity.

Thanks,
-Chandan


--
Kurt Seifried
[hidden email]


--
Kurt Seifried
[hidden email]