feature request: add url to notes

oasis-tcs / csaf

OASIS CSAF TC: Supporting version control for Work Product artifacts developed by members of TC, including prose specifications and secondary artifacts like meeting minutes and productivity code

https://github.com/oasis-tcs/csaf

Other

147 stars 39 forks source link

feature request: add url to notes #623

Open jaccoNCSCNL opened 1 year ago

jaccoNCSCNL commented 1 year ago

As a national CERT we often include (parts of) text from vendors in our generated CSAF documents. These texts are in the notes section of the vulnerability properties. In the references section we now have the link to the original advisory. Currently it is not possible to connect the note to the reference. It would be nice to make that connection. This could be done either by a url field in the note, or via a construct similar to product_id i.e. a unique string per url which can be referenced in the notes section.

tschmidtb51 commented 1 year ago

Thank you for the suggestion. The TC will discuss the suggestion.

tschmidtb51 commented 1 year ago

As discussed in today's TC meeting, here is an example, how this could look like:


      "notes": [
        {
          "category": "summary",
          "references": "CSAFRef-0001",
          "text": "Summarizing the text that should be in here. BTW: It was actually cited or taken from the original advisory linked in the references.",
          "title": "Vulnerability summary"
        }
      ],
      // ...
      "references": [
        {
          "category": "external",
          "id": "CSAFRef-0001",
          "summary": "A cool summary",
          "url": "https://example.com/an-advisory-url-I-want-to-cite"
        }
      ],

jaccoNCSCNL commented 6 months ago

looks good. this will work for us.