What kind of credit in credits field? #85
Comments
|
Chiming in here from the GitHub side, we'd like to update our own credits model to have types of credits in alignment with the MITRE spec. Would be great if we could consider a "type" field in credits similar to the OSV references field. |
|
Thanks for chiming in! Given the additional interest, let's resurrect this thread. A "type" enum field that allows an easy 1:1 mapping to the MITRE spec could certainly work here. |
|
How should package-maintainers get credited? |
|
@captn3m0 here's how the meanings are described as per MITRE:
So I guess it would depend on the maintainer's role in the solution... Could be analyst, coordinator, remediation developer, or really any. |
|
Would someone like to suggest a PR to add this? It seems like the type should enable an easy 1:1 mapping to MITRE for interoperability. |
|
@oliverchang thank you! Our team will submit one. |
|
@oliverchang created a PR here: #110 /cc @KateCatlin @katblag |
As discussed in #85, we'd like to propose these changes to the OSV schema to add credit types/roles that correspond to those defined by the [MITRE CVE schema](https://github.com/CVEProject/cve-schema/blob/master/schema/v5.0/CVE_JSON_5.0_schema.json). Would appreciate any feedback or proposed changes! --------- Signed-off-by: Kailani Chu <hawaiigal@github.com>
|
@oliverchang Looks like this has been merged/deployed. Time to close the issue? 🎉 |
credits fields
{
"credits": [ {
"name": string,
"contact": [ string ],
} ]
}
The credits field is a JSON array providing a way to give credit for the discovery, confirmation, patch, or other events in the life cycle of a vulnerability.
is there some reason we don't have an optional text description or ENUM for what kind of credit(s)?
The text was updated successfully, but these errors were encountered: