Comments (6)
I see a couple of options here:
- Go the machine-readable way and present options for the
preconditions
(Then, we need to discuss which ones.) - Specify "Precoditions" a fixed
title
for a vulnerability note (similar toCVE description
) - Add a human-readable field (probably the least favorable)
from csaf.
@boschpsirt Please also formally notify about the suggestion by writing to the csaf-comment mailing list (as soon as its back online).
from csaf.
As discussed in today's TC meeting (2024-03-27):
@boschpsirt The TC tends to incorporate solution 2 into the standard. Before I set the motion to do so, any final comments?
from csaf.
@tschmidtb51 we also prefer solution 2. Go for it :)
from csaf.
The motion to accept solution 2 as suggested in #706 and include it in CSAF 2.1 has passed. No objection was received and the motion automatically passed on 2024-04-04 15:00 UTC.
This was announced at: https://groups.oasis-open.org/discussion/motion-for-706
from csaf.
@boschpsirt: The comments mailing list is now back online. Please formally announce your suggestion there, e.g. through "Please see our suggest in Github Issue XYZ (https://github.com/oasis-tcs/csaf/issues/XYZ)."
Thank you!
from csaf.
Related Issues (20)
- CPE pattern HOT 1
- Add mandatory test: CPE vs. `product_version_range` HOT 5
- CLA requirement HOT 3
- Enhancing CSAF Vision Through OWASP Juice Shop Integration HOT 1
- Adding customer specific publisher sub-item HOT 5
- v2.0 OS failed CPSR-coding in section 9.1.13 Conformance Clause 13: CSAF asset matching system
- Documentation of public_openpgp_keys HOT 1
- Offer multiple documents of one advisory
- Add optional test: `/document/tracking/id` not in `/document/title` HOT 2
- Add a new category "Platform" to the Product Branch
- Set `TLP:CLEAR` as default HOT 3
- suggestion: add a type to a link HOT 1
- feature request: make products optional for a score HOT 9
- Clarify relation of `search` and `filter` HOT 4
- Clarify Security consideration
- Add optional test: Warn on usage of deprecated CWE
- Add optional test: Suggest usage of latest version in CWE
- Add optional test: Warn if vulnerability mapping is not in state `allowed` HOT 1
- Add comment on timezones for sorting timestamps HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from csaf.