- Type: Task
- Status: New
- Priority: Major
- Resolution: Unresolved
- Affects Version/s: None
- Fix Version/s: None
- Component/s: None
- Labels: None
- Environment: [Proposed]
- Proposal:
We should decide on the degree to which we mirror / enforce constraints from proxied domain solutions / rule sets.
Sample: CVSS
A sample draft for a JSON schema of CVSS v3 has been sent to this list, which indicates that not only the BaseScore, but also the Vector is a required element of such a "CVSS" document.
To maintain version-overarching robust embedding and at the same time allow round-trip transport of foreign-defined "snippets", we should decide on what we enforce (ideally as a general guideline for all "referred" / proxied domain "snippets").
It is further suggested to always start by considering the envisioned CSAF version 2.0 as format-agnostic (at least XML and JSON) in any decisions on ordering, cardinality, containment rules etc., so as not to build up technical debt and to avoid format-biased architectural decisions.