oliverchang
commented
2 years ago Thanks @kurtseifried This seems like really useful information that would ideally be tracked in database_specific. We are trying to keep the schema lean. Even if these are optional fields, adding more to the spec will unfortunately make it harder to understand.
Of course, if there is more demand from other vulnerability databases for this, we'd be much more open to adding this.
I'll keep this open for further discusison.
So I'm finding timeline analysis is a lot easier when the Source URLs are tagged with time data, can I suggest we add an (optional, not required) support for a publishedDate and lastModifiedDate, e.g. almost all Red Hat RHSA's have it (Issued: 2017-11-16 Updated: 2017-11-16), Debian DSA (Date Reported: 09 Mar 2022), and so on.