oasis-tcs / csaf

OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code
https://github.com/oasis-tcs/csaf

A party shall only have one involvement status at a time #350

Closed tschmidtb51 closed 3 years ago

tschmidtb51 commented 3 years ago

Situation

reference: https://docs.oasis-open.org/csaf/csaf/v2.0/csd01/csaf-v2.0-csd01.html#3236-vulnerabilities-property---involvements

The last sentence of the second paragraph reads:

The ordered tuple of the values of party, status and date (if present) SHALL be unique within involvements.

However, this would allow the following to be valid:

"involvements": [
  {
    "date": "2021-04-23T10:00:00.000Z",
    "party": "vendor",
    "status": "in_progress"
  },
  {
    "date": "2021-04-23T10:00:00.000Z",
    "party": "vendor",
    "status": "in_progress",
    "summary": "The vendor has released a mitigation and is working to fully resolve the issue."
  }
]

As it is stated in the first sentence of the seventh paragraph:

Each status is mutually exclusive - only one status is valid for a particular vulnerability at a particular time.

the status can't be part of the tuple.

Proposal

Remove the status from the tuple and make the sentence read:

The ordered tuple of the values of party and date (if present) SHALL be unique within involvements.
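The uniqueness constraint under discussion can be checked mechanically. The following is an added example, not code from the issue, the csaf repository or any CSAF validator; the function names and the two extra sample inputs (`TWO_STATUSES`, `NO_DATE`) are constructed here. It compares the csd01 rule (tuple of party, status, date) with the proposed rule (tuple of party, date) on the involvements array quoted in the issue and on a second array where the same party carries two different statuses at the same date, which only the proposed rule rejects. How entries that omit the optional date should compare is not settled by the spec text; this code treats a missing date as `None`, so two undated entries for the same party collide, and that choice is an assumption.

```python
"""Check the uniqueness constraint on CSAF 2.0 /vulnerabilities[]/involvements."""
from collections import Counter

# Sample from the issue: two entries that differ only in "summary".
ISSUE_SAMPLE = [
    {"date": "2021-04-23T10:00:00.000Z", "party": "vendor", "status": "in_progress"},
    {"date": "2021-04-23T10:00:00.000Z", "party": "vendor", "status": "in_progress",
     "summary": "The vendor has released a mitigation and is working to fully resolve the issue."},
]

# Constructed: the same party with two different statuses at the same point in time.
# The csd01 tuple (party, status, date) is unique here, so that rule accepts it,
# although paragraph 7 says only one status is valid at a particular time.
TWO_STATUSES = [
    {"date": "2021-04-23T10:00:00.000Z", "party": "vendor", "status": "in_progress"},
    {"date": "2021-04-23T10:00:00.000Z", "party": "vendor", "status": "completed"},
]

# Constructed: undated entries for the same party (date is optional in the schema).
NO_DATE = [
    {"party": "vendor", "status": "completed"},
    {"party": "vendor", "status": "disputed"},
]

# Constructed: a well-formed history, one status per party per date.
VALID = [
    {"date": "2021-04-20T09:00:00.000Z", "party": "vendor", "status": "in_progress"},
    {"date": "2021-04-23T10:00:00.000Z", "party": "vendor", "status": "completed"},
    {"party": "discoverer", "status": "contact_attempted"},
]


def duplicate_tuples(involvements, fields):
    """Return, in order of first appearance, every tuple over `fields` that
    occurs more than once. A missing optional field is represented as None
    (assumption: the spec's "(if present)" is read as "compare what is there")."""
    counts = Counter(tuple(inv.get(f) for f in fields) for inv in involvements)
    return [t for t, n in counts.items() if n > 1]


def check_csd01_rule(involvements):
    """Uniqueness of the ordered tuple (party, status, date) as csd01 states it."""
    return duplicate_tuples(involvements, ("party", "status", "date"))


def check_proposed_rule(involvements):
    """Uniqueness of the ordered tuple (party, date) as proposed in the issue."""
    return duplicate_tuples(involvements, ("party", "date"))


def main():
    for name, sample in (("issue sample", ISSUE_SAMPLE), ("two statuses", TWO_STATUSES),
                         ("no date", NO_DATE), ("valid", VALID)):
        print(f"{name}: csd01 duplicates={check_csd01_rule(sample)} "
              f"proposed duplicates={check_proposed_rule(sample)}")


if __name__ == "__main__":
    main()
```

Run as a script it prints, per sample, which tuples each rule would reject; the "two statuses" line is the case that motivates dropping status from the tuple, since the csd01 rule reports no duplicate there while the proposed rule does.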

tschmidtb51 commented 3 years ago

#351 is related as it is the test for this constraint.