search

oasis-open / csaf-documentation

OASIS TC Open Repository: A GitHub repository for management of non-normative information about the work of the CSAF Technical Committee, including documentation
https://oasis-open.github.io/csaf-documentation/
BSD 3-Clause "New" or "Revised" License
19 stars 10 forks source link

Vulnerability Threat Element Error #5

Open dstrohl opened 3 years ago

dstrohl commented 3 years ago

In version 1.2 (http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html#_Toc493508771) Section 6.11.1

It indicates that "Date" is an attribute, however in examples 61 and 62, date is added as an element. (note also that on example 62, the opening element tag for "Date" uses a "/", which is incorrect)

Example 61: Exploit Status:

none 2011-11-26T00:00:00+00:00 CVRFPID-0000

Example 62: Exploit Status without Product ID:

proof of concept 2011-11-26T00:00:00+00:00

I'm not sure if this is incorrectly marked as being a date attribute and it should be an element, or if it's incorrectly exampled as being an element, but it should be one or the other.

santosomar commented 3 years ago

This is also being addressed/changed in the current CSAF 2.0 Schema and CSAF 2.0 prose