oasis-tcs / csaf

OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code
https://github.com/oasis-tcs/csaf

Clarify Contradiction Product Status #348

Closed tschmidtb51 closed 3 years ago

tschmidtb51 commented 3 years ago

Situation

reference: https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01.html#616-contradicting-product-status

The first paragraph reads:

It must be tested that the same Product ID is not member of contradicting product status groups.

It is not explicitly stated that the sets must be pairwise disjoint nor that this applies only per vulnerability.

Proposal

Add an additional sentence after the first one and make the paragraph read:

For each item in /vulnerabilities it must be tested that the same Product ID is not member of contradicting product status groups. The sets formed by the contradicting groups within one vulnerability item must be pairwise disjoint.
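The proposed wording, expressed as a check (an added example, not part of the original issue and not the TC's own code): for each vulnerability item, build one set of Product IDs per contradiction group and require the sets to be pairwise disjoint. The grouping of status keys follows CSAF 2.0 section 6.1.6 and is not quoted in this issue; the function name and the sample document are constructed for illustration.

```python
from itertools import combinations

# Contradiction groups as listed in CSAF 2.0 section 6.1.6 (assumption: taken
# from the specification, not from this issue). "recommended" is in no group.
CONTRADICTION_GROUPS = {
    "affected": ("first_affected", "known_affected", "last_affected"),
    "not_affected": ("known_not_affected",),
    "fixed": ("first_fixed", "fixed"),
    "under_investigation": ("under_investigation",),
}


def contradicting_product_status(doc):
    """Return (vulnerability index, product_id, group_a, group_b) per violation."""
    findings = []
    for idx, vuln in enumerate(doc.get("vulnerabilities", [])):
        status = vuln.get("product_status", {})
        # One set of Product IDs per group, scoped to this vulnerability only.
        sets = {
            group: {pid for key in keys for pid in status.get(key, [])}
            for group, keys in CONTRADICTION_GROUPS.items()
        }
        # Pairwise disjoint: no two groups may share a Product ID.
        for a, b in combinations(sets, 2):
            for pid in sorted(sets[a] & sets[b]):
                findings.append((idx, pid, a, b))
    return findings


# Constructed sample, trimmed to the fields the check reads.
SAMPLE = {
    "vulnerabilities": [
        {"product_status": {"known_affected": ["CSAFPID-0001"],
                            "fixed": ["CSAFPID-0002"]}},
        {"product_status": {
            # CSAFPID-0002 is "fixed" above, but that is another vulnerability.
            "known_affected": ["CSAFPID-0002"],
            "last_affected": ["CSAFPID-0003"],
            "known_not_affected": ["CSAFPID-0003"],  # contradiction
            "recommended": ["CSAFPID-0002"],         # ignored by the check
        }},
    ]
}

if __name__ == "__main__":
    for finding in contradicting_product_status(SAMPLE):
        print("/vulnerabilities/%d: %s is in both '%s' and '%s'" % finding)
```

A Product ID that is fixed for one vulnerability and affected for another is not reported, which is the per-vulnerability scope the proposal makes explicit.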

tschmidtb51 commented 3 years ago

@wrideout posted for notification