ADP content update bumps the date for the CVE record #293
Labels
enhancement
New feature or request
Needs Discussion
Discuss in a future QWG meeting or on mailing list
section:dates
Schema location is dates
Comments
jayjacobs
added
section:dates
|
Art: It appears that dateUpdated is bumped within each container and also at the CVE Record level. I took a look at https://cveawg.mitre.org/api/cve/CVE-2022-3205 as an example. You can see different dateUpdated values for the CNA and the CVE Program container in the example. The most recent date of update from the CVE Program container is reflected at the CVE Record level as i would expect, since that is the more recent of the two. I think this is correct, but let me know if i am missing something. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
From the 2023-05-03 SPWG meeting, confirm this behavior: changes to an ADP container bump the date on the container, and also bump the date on the CVE record.
If an ADP adds or updates an ADP container frequently, consumers will see lots of updated records. dateUpdated is defined as "The date/time the record was last updated." We probably don't want to redefine this. Semantically, the ADP container is part of the the record, data was updated, so consumers should be made aware by a new date on the record.
Significantly more frequent updates may surprise consumers.
From CVEProject/automation-working-group#117
The text was updated successfully, but these errors were encountered: