Consider Adding CVE (Common Vulnerabilities & Exposures) as a Schema #758
Labels
no-issue-activity
Discuss has gone quiet. Auto-tagging to encourage people to re-engage with the issue (or close it!).
schema.org vocab
General top level tag for issues on the vocabulary
Working in the software industry, it is common to have a new common vulnerability and exposure come up - from Heartbleed to Shellshock to Poodle, it would be helpful to create a new schema that addresses the unique properties of the CVE.
New Schema Itemtypes
critical, important, moderate & low (based on impact)
https://access.redhat.com/security/updates/classification
this is text that describes the product or products that are affected by the vulnerability - from browsers like Chrome to Software like Windows95
the common name of the CVE (shellshock, heartbleed)
CVE prefix Year Arbitrary Digits
IMPORTANT: The variable length arbitrary digits will begin at four (4) fixed digits and expand with arbitrary digits only when needed in a calendar year, for example, CVE-YYYY-NNNN and if needed CVE-YYYY-NNNNN, CVE-YYYY-NNNNNNN, and so on. This also means there will be no changes needed to previously assigned CVE-IDs, which all include 4 digits.
https://cve.mitre.org/cve/identifiers/syntaxchange.html
Existing Schema ItemTypes
I would appreciate any feedback and discussion on this. (side note, this is my first recommendation for this group, so I'd appreciate any feedback on how to better be suggest schema)
Regards.
The text was updated successfully, but these errors were encountered: