Which in some instances have been extended by other sources (e.g., CVE -> NVD).
Ideally, GSD would have a normalized data format that is a superset of all of these base formats (containing all possible data) and allows for automatically ingesting and outputting those formats through a converter/API.
The first effort should be understanding the cross-compatibility between all of these formats and what the superset that represents all of the data would be. Once that's understood, either use an existing format that matches that superset or create one if it does not exist. As a part of this, creating the tooling to both ingest the three formats into the source of truth and output the three formats from the source of truth.
Issue will be complete once a normalized data format has been created, tooling in place to convert to and from it and the current base formats.
There appear to be three base formats currently:
Which in some instances have been extended by other sources (e.g., CVE -> NVD).
Ideally, GSD would have a normalized data format that is a superset of all of these base formats (containing all possible data) and allows for automatically ingesting and outputting those formats through a converter/API.
The first effort should be understanding the cross-compatibility between all of these formats and what the superset that represents all of the data would be. Once that's understood, either use an existing format that matches that superset or create one if it does not exist. As a part of this, creating the tooling to both ingest the three formats into the source of truth and output the three formats from the source of truth.
Issue will be complete once a normalized data format has been created, tooling in place to convert to and from it and the current base formats.