DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

Investigate Impact/Utility of CVE JSON 5.0 to Dependency-Track #1563

Open msymons opened 2 years ago

msymons commented 2 years ago

From Changes Coming to CVE Record Format JSON and CVE List Content Downloads:

CVE JSON 5.0 is a major upgrade to JSON 4.0 that further normalizes and enriches how CVE information is presented. It adds several new data fields to CVE Records. In addition to the required data of CVE ID number, affected product(s), affected version(s), and public references, JSON 5.0 CVE Records will now include optional data such as severity scores, credit for researchers, additional languages, affected product lists, additional references, ability for community contributions, etc. This optional data will enhance CVE Records for both downstream users and the overall vulnerability management community.

Will this impact Dependency-Track or (better still) provide opportunity for improving Dependency-Track?

If the answer is "yes" then this issue can be changed from "investigate" to "implement something" (or a new issue created).
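The record layout that the quoted announcement describes, as an added example that is not part of this issue or of Dependency-Track's code: a constructed CVE JSON 5.0 record is parsed for the required data (CVE ID, affected products and versions, references) and the optional data (CVSS metric, credits), tolerating their absence, and a component version is then checked against the affected version ranges. The record values, `summarize` and `is_affected` are illustrative assumptions; only the key names follow the published 5.0 schema, and the version comparison is deliberately simplified.

```python
import json

# Constructed CVE JSON 5.0 record (illustrative values, not a real CVE).
RECORD_JSON = """
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0",
  "cveMetadata": {"cveId": "CVE-0000-00000", "state": "PUBLISHED"},
  "containers": {"cna": {
    "affected": [{"vendor": "example", "product": "widget",
                  "versions": [{"version": "1.0.0", "status": "affected",
                                "lessThan": "1.4.2", "versionType": "semver"},
                               {"version": "2.0.0", "status": "unaffected"}]}],
    "descriptions": [{"lang": "en", "value": "Constructed description."}],
    "references": [{"url": "https://example.invalid/advisory"}],
    "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH",
                              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}}],
    "credits": [{"lang": "en", "value": "Constructed Researcher"}]
  }}
}
"""

def _vtuple(v):
    # Simplification (assumption): dotted numeric versions only. A real consumer
    # must honour the record's versionType (semver, git, custom, ...).
    return tuple(int(p) for p in v.split("."))

def summarize(record):
    """Required 5.0 data plus the optional fields; optional ones may be missing."""
    cna = record["containers"]["cna"]
    cvss = next((m["cvssV3_1"] for m in cna.get("metrics", []) if "cvssV3_1" in m), None)
    return {
        "id": record["cveMetadata"]["cveId"],
        "products": [f'{a["vendor"]}:{a["product"]}' for a in cna["affected"]],
        "references": [r["url"] for r in cna.get("references", [])],
        "score": cvss["baseScore"] if cvss else None,
        "severity": cvss["baseSeverity"] if cvss else None,
        "credits": [c["value"] for c in cna.get("credits", [])],
    }

def is_affected(record, vendor, product, version):
    """True if version is in an 'affected' entry: [version, lessThan) or an exact match."""
    for a in record["containers"]["cna"]["affected"]:
        if (a["vendor"], a["product"]) != (vendor, product):
            continue
        for r in a.get("versions", []):
            if r.get("status") != "affected":
                continue  # "unaffected"/"unknown" entries never mark a version affected
            lo, hi = _vtuple(r["version"]), r.get("lessThan")
            if (hi is None and _vtuple(version) == lo) or \
               (hi is not None and lo <= _vtuple(version) < _vtuple(hi)):
                return True
    return False

RECORD = json.loads(RECORD_JSON)
```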

msymons commented 1 year ago

CVE JSON Record Format 5.0.0 released 26th Oct 2022