Comments (1)
chandanbn
commented on June 26, 2024
You are combing three different problems:
- How do you compare given two versions to determine what came first.
Short answer: it requires encoding the entire set (or at least actively maintained set) of versions as a directed acyclic graph. Pattern matching or alphanumeric comparison is not reliable.
IMHO encoding this graph in per CVE JSON could be an overkill. Perhaps this can be done in the per CNA JSON?
- Given this graph, how do you encode which versions are affected, which versions are not affected, and which are unknown?
See my update to #42
- What do you make of versions not covered by what is stated or can be inferred from JSON?
Answer: status should be considered as unknown.
If a CNA wants to declare something as not affected, it is better to explicitly state it.
from automation-working-group.
Related Issues (20)
- Change references of ISO 8601 to RFC 3339 HOT 1
- test and present CVE clients HOT 3
- Why are CVE list entries not conforming to any specified schema? HOT 4
- original assigner vs. owner HOT 7
- Does an ADP content update the date for the CVE record? HOT 1
- Validate and warn if datePublic is in the future HOT 3
- Clarify date fields in JSON 5.0 schema HOT 2
- Three dateUpdated fields, all set by Services HOT 2
- Clarify how non-ASCII email addresses should be handled
- Restricting email address TLDs
- Document How to Join AWG
- "efficient management of the CVE Program. " but maybe also "efficient consumption"? HOT 1
- Under objectives what about self serve/parent serve and to what degree? HOT 1
- "Ensure backwards compatibility" HOT 1
- version_value "-" HOT 2
- Validating JSON issues and future HOT 1
- ID Allocation should be able to provide IDs for previous years HOT 1
- [Bug] Missing product_name in CVE JSON 5.0 Review Conversion Set HOT 1
- [Bug/Discussion] Migrate additional version_data properties to CVE JSON 5.0 HOT 3
- [Question/Discussion] Separate attributes for different CVE states in JSON schema (v5.13) HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from automation-working-group.