Develop a list of best practices

CVEProject / cve-schema

This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.

Creative Commons Zero v1.0 Universal

244 stars 137 forks source link

Develop a list of best practices #181

Open david-waltermire opened 2 years ago

david-waltermire commented 2 years ago

There is a need to develop a list of best practices for use of JSON 5. This issue is a place to organize potential best practices.

david-waltermire commented 2 years ago

From JSON 4 data:

Versions Affected: <= 2.10

Use of <= makes it impossible to identify which version the vulnerability was fixed in. It's not clear if the vulnerability is fixed in 2.11, 2.10.1, or any other version.

The JSON 5 format can be used to identify both the vulnerable and fixed version spaces. Examples need to be produced to illustrate the best practice here.