Closed jaccoNCSCNL closed 1 month ago
Thank you for the suggestion. The TC will discuss the suggestion.
During the 2023-09-27 meeting of the TC the members agreed to implement the feature in CSAF v2.1.
Thanks!
@jaccoNCSCNL To follow the OASIS process, please also announced the request on the comment mailing list. A simple email pointing to the issue should be sufficient.
As a national CERT we often bundle multiple advisories into one. This also means that we sometimes have conflicting CVSS scores from different sources for the same vulnerability. We think that it would make sense to add an optional source (or reference) to a CVSS score which would indicate who made this score.