Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider Adding CVE (Common Vulnerabilities & Exposures) as a Schema #758

Open
jpsherman opened this issue Sep 4, 2015 · 2 comments
Open

Consider Adding CVE (Common Vulnerabilities & Exposures) as a Schema #758

jpsherman opened this issue Sep 4, 2015 · 2 comments
Labels
no-issue-activity Discuss has gone quiet. Auto-tagging to encourage people to re-engage with the issue (or close it!). schema.org vocab General top level tag for issues on the vocabulary

Comments

@jpsherman
Copy link

Working in the software industry, it is common to have a new common vulnerability and exposure come up - from Heartbleed to Shellshock to Poodle, it would be helpful to create a new schema that addresses the unique properties of the CVE.

New Schema Itemtypes

  • severity
    critical, important, moderate & low (based on impact)
    https://access.redhat.com/security/updates/classification
  • affectedProduct
    this is text that describes the product or products that are affected by the vulnerability - from browsers like Chrome to Software like Windows95
  • cveName
    the common name of the CVE (shellshock, heartbleed)
  • cveId
    CVE prefix Year Arbitrary Digits
    IMPORTANT: The variable length arbitrary digits will begin at four (4) fixed digits and expand with arbitrary digits only when needed in a calendar year, for example, CVE-YYYY-NNNN and if needed CVE-YYYY-NNNNN, CVE-YYYY-NNNNNNN, and so on. This also means there will be no changes needed to previously assigned CVE-IDs, which all include 4 digits.

https://cve.mitre.org/cve/identifiers/syntaxchange.html

Existing Schema ItemTypes

  • dependencies
  • aticleSection
  • about
  • accountablePerson
  • alternativeHeadline
  • author
  • contributor
  • dateCreated
  • dateModified
  • datePublished
  • headline
  • inLanguage
  • sourceOrganization
  • description

I would appreciate any feedback and discussion on this. (side note, this is my first recommendation for this group, so I'd appreciate any feedback on how to better be suggest schema)

Regards.
@danbri danbri added the schema.org vocab General top level tag for issues on the vocabulary label Sep 8, 2015
@dbs
Copy link
Contributor

dbs commented Sep 13, 2015

Please use "name" and "alternateName" instead of "headline" and "alternativeHeadline", per #423 and friends.

@github-actions
Copy link

This issue is being tagged as Stale due to inactivity.

@github-actions github-actions bot added the no-issue-activity Discuss has gone quiet. Auto-tagging to encourage people to re-engage with the issue (or close it!). label Aug 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
no-issue-activity Discuss has gone quiet. Auto-tagging to encourage people to re-engage with the issue (or close it!). schema.org vocab General top level tag for issues on the vocabulary
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@danbri @dbs @jpsherman