schemas.v1.2.0.external.cvrf_1.1.cvrf.xsd Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of stix Show documentation
Show all versions of stix Show documentation
The Java bindings for STIX v.1.2.0.2
The newest version!
This is the XML schema for the Common Vulnerability Reporting Framework. For more information, see the CVRF whitepaper.
Brian Schafer <[email protected]>
Joe Clarke <[email protected]>
Joe Hemmerlein <[email protected]>
2012-05-07
CVRF Dictionary
1.1
Types enumerating the status of the document.
Pre-release, intended for issuing party’s internal use only, or possibly used externally when the party is seeking feedback or indicating its intentions regarding a specific issue.
The issuing party believes the content is subject to change.
The issuing party asserts the content is unlikely to change.
Floating point number representing the CVRF specification version
Root element of a CVRF document.
A definitive canonical name for the document, providing enough descriptive content to differentiate from other similar documents, ideally providing a unique “handle”.
A short canonical name, chosen by the document producer, which will inform the consumer about the type of the document.
A container holding all information about the publisher of the CVRF document.
Author contact information such as address, phone number, email, etc.
The name of the issuing party and their authority to release the document, in particular, the party's constituency and responsibilities or other obligations.
Type is an enumerated list containing an array of different document publisher types.
Vendor ID is a unique identifier (OID) that a vendor uses as issued by FIRST under the auspices of IETF.
The Document Tracking meta-container contains all of the attributes necessary to track a CVRF document.
Contains document ID and optional document aliases
Short unique identifier used to refer to the document unambiguously in any context.
Optional alternative ID for document
The condition of the document with regard to completeness and the likelihood of future editions.
Document Version is a simple counter to track the version of the document.
The Document Revision History contains one entry for each substantive version of the document, including the initial version and entries for each subsequent update.
A set of Version, Date, and Description elements describing one iteration of this document
Revision number of this iteration of the document.
Date when this iteration of the document was released.
Description of this iteration of the document.
The initial date (and time, optionally) that the document was initially released by the issuing party.
The current date (and time, optionally) that the document was released by the issuing party.
The Document Generator meta-container contains all of the elements related to the generation of the document.
The name and version of the engine that generated the CVRF document.
The date the CVRF document was generated.
The Document Notes text contains all of the individual notes necessary to provide different types of low-level discussions of a CVRF document to various audiences.
A individual note in freeform text.
Title should be a concise description of what is contained in this specific note.
Audience will indicate who is intended to read the note.
Type of content within this note.
Ordinal is a locally significant integral counter indexed from 1 used to track notes.
The Document Distribution string should contain details on constraints, if any, about sharing this CVRF Document with additional recipients.
Aggregate Severity is provided by the producer of the document to convey the urgency and criticality with which the vulnerability or vulnerabilities should be addressed.
URL of the namespace from which the Aggregate Severity is taken.
This meta-container should include references to any conferences, papers, advisories, and other resources that are related and considered to be of value to the document consumer.
Related documents to the CVRF document.
The URL of the related document.
The description of the related document.
Enumerated type value of reference relative to this document.
The Acknowledgments container holds one or more Acknowledgement containers for document-level acknowledgements.
The Acknowledgment container holds recognition details for external parties, specific to the document as a whole rather than individual vulnerabilities.
The name (i.e., individual name) of the party being acknowledged.
The organization of the party being acknowledged or the organization itself being acknowledged.
The details of the acknowledgment that address the recognition of external parties who were instrumental in the discovery, reporting and response of this document.
The optional URL to the person, place, or thing being acknowledged.
This is to ensure that each Vulnerability's Ordinal uses a unique value.
This is to ensure that each note has a unique ordinal value.
A key to reference a specific product defined in a referenced product schema.
An instance of the ProductKey to be used in the ProductID element for affected products.
An instance of the ProductKey to be used in the CVSS ScoreSet product references.
An instance of the ProductKey to be used in the Threat product references.
An instance of the ProductKey to be used in the Remediation product references.
A key to reference a specific product group defined in a referenced product schema.
An instance of the GroupKey to be used in the Threat product references.
An instance of the GroupKey to be used in the Remediation product references.