Comments (5)
I could imagine to extend the distribution
by an item called sharing_group
. A required id
would be a uuid
and there could be an optional human-readable name
. This should allow for such situations.
Note: CSAF documents that differ in content MUST use different /document/tracking/id
. Given your suggestion that can easily be done by appending the /document/distribution/sharing_group/id
to the /document/tracking/id
.
from csaf.
@boschpsirt Please also formally notify about the suggestion by writing to the csaf-comment mailing list (as soon as its back online).
from csaf.
I could imagine to extend the
distribution
by an item calledsharing_group
. A requiredid
would be auuid
and there could be an optional human-readablename
. This should allow for such situations.Note: CSAF documents that differ in content MUST use different
/document/tracking/id
. Given your suggestion that can easily be done by appending the/document/distribution/sharing_group/id
to the/document/tracking/id
.
Hi Thomas,
we agree with this proposal.
from csaf.
Another use case for the suggested field is access restricted advisories. The addition of this field will allow automatic decision which CSAF documents show be displayed/accessible by which group based on the sharing_group/id
. Therefore, it can also be used during the CVD process to provide data or an advisory stub automatically.
from csaf.
Call to action sent by @tschmidtb51
Requests that all TC members review the suggested object sharing_groups
within the next two weeks (2024-05-08) and comment in the issue directly.
https://groups.oasis-open.org/discussion/call-to-action-for-705
This should be discussed in the next meeting or a motion placed before the meeting on May 29th.
from csaf.
Related Issues (20)
- CPE pattern HOT 1
- Add mandatory test: CPE vs. `product_version_range` HOT 5
- CLA requirement HOT 3
- Enhancing CSAF Vision Through OWASP Juice Shop Integration HOT 1
- Add "Preconditions" item HOT 6
- v2.0 OS failed CPSR-coding in section 9.1.13 Conformance Clause 13: CSAF asset matching system
- Documentation of public_openpgp_keys HOT 1
- Offer multiple documents of one advisory
- Add optional test: `/document/tracking/id` not in `/document/title` HOT 2
- Add a new category "Platform" to the Product Branch
- Set `TLP:CLEAR` as default HOT 3
- suggestion: add a type to a link HOT 1
- feature request: make products optional for a score HOT 8
- Clarify relation of `search` and `filter` HOT 4
- Clarify Security consideration
- Add optional test: Warn on usage of deprecated CWE
- Add optional test: Suggest usage of latest version in CWE
- Add optional test: Warn if vulnerability mapping is not in state `allowed` HOT 1
- Add comment on timezones for sorting timestamps HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from csaf.