Three dateUpdated fields, all set by Services

CVEProject / cve-schema

This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.

Creative Commons Zero v1.0 Universal

244 stars 137 forks source link

Three dateUpdated fields, all set by Services #291

Open zmanion opened 5 months ago

zmanion commented 5 months ago

dateUpdated for the CVE record

dateUpdated for the CNA container Timestamp to be set by the system of record at time of submission. If dateUpdated is provided to the system of record it will be replaced by the current timestamp at the time of submission.

dateUpdated for the ADP container, same treatment as 2.

As noted in 2., if CNAs or ADPs provide dateUpdated, it gets stomped by the Services. So consider not allowing submission of these fields.

zmanion commented 5 months ago

Copied from/duplicate of https://github.com/CVEProject/automation-working-group/issues/120 since this issue involves an interaction between CVE Record Format and CVE Services.