From f1d5bf35a9dd1f9c1804314d3bb12b9b8dfae269 Mon Sep 17 00:00:00 2001 From: Stefan Hagen Date: Tue, 4 Mar 2025 20:32:05 +0100 Subject: [PATCH] Further review discussion results Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- csaf_2.1/prose/edit/src/conformance.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csaf_2.1/prose/edit/src/conformance.md b/csaf_2.1/prose/edit/src/conformance.md index cd76bc96..1cf36c51 100644 --- a/csaf_2.1/prose/edit/src/conformance.md +++ b/csaf_2.1/prose/edit/src/conformance.md @@ -606,7 +606,7 @@ Secondly, the program fulfills the following for all items of: The tool SHOULD implement an option to use the latest available CWE version at the time of the conversion that still matches. -* `/vulnerabilities[]/disclosure_date`: If a `release_date` was given, the CSAF 2.0 to CSAF 2.1 converter MUST convert the key as `disclosure_date`. +* `/vulnerabilities[]/disclosure_date`: If a `release_date` was given, the CSAF 2.0 to CSAF 2.1 converter MUST convert its value as value into the `disclosure_date` element. * `/vulnerabilities[]/metrics/ssvc_v1`: If a SSVC vector or decision points of an SSVC vector are given in an item of `notes` of the current vulnerability using the `title` `SSVC` and the `category` `other`, the CSAF 2.0 to CSAF 2.1 converter MUST convert that data into the `ssvc_v1` object within the current vulnerability.