I’ve been analyzing the official CVE JSON format as part of a project on automating vulnerability testing (PoCs, reproducible environments, etc.), and I ran into two structural issues that seem to limit automation:

SSVC is buried inside metrics.other, which makes it harder to parse and doesn’t really reflect its importance in decision-making. A dedicated SSVC section could make the data much cleaner.

There’s no proper place for PoCs or reproducible environments. Those links are mixed inside general references, making it difficult to programmatically pull PoCs or docker-compose setups.

I wrote a small proposal explaining the idea and suggesting a structured way to improve this:
https://hackmd.io/@eOEOV3VYQC64eezoG2cl9A/HkYcOlwWbl

I’d love to hear from people who work with CVEs, automation, vuln pipelines, or standardization:
- Have you run into the same issues?
- Is this something the community would benefit from?
- Anything I might have missed on the CVE Program side?

Thanks for any feedback!

#CVE #Infosec #Security #SSVC #Automation #VulnerabilityManagement #Fediverse
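
The two lookups described in the post, as an added example that is not part of the original post or the linked proposal. It assumes a CVE Record Format 5.x layout in which SSVC appears as a `metrics[].other` entry with `type` set to `ssvc`, and PoC links can only be told apart from other references by the generic `exploit` tag. The record is constructed, and its CVE ID and URLs are placeholders.

```python
import json

# Constructed sample record (CVE Record Format 5.x layout).
# The CVE ID and all URLs are placeholders, not real data.
SAMPLE = json.loads("""{
  "cveMetadata": {"cveId": "CVE-0000-00000"},
  "containers": {
    "cna": {"references": [
      {"url": "https://example.com/advisory"},
      {"url": "https://example.com/poc-repo", "tags": ["exploit"]}]},
    "adp": [{
      "metrics": [{"other": {"type": "ssvc", "content": {"options": [
        {"Exploitation": "poc"}, {"Automatable": "no"},
        {"Technical Impact": "partial"}]}}}],
      "references": [
        {"url": "https://example.com/writeup", "tags": ["exploit"]}]
    }]
  }
}""")


def _containers(record):
    """Yield the CNA container and every ADP container of a record."""
    containers = record.get("containers", {})
    yield containers.get("cna", {})
    yield from containers.get("adp", [])


def extract_ssvc(record):
    """Collect SSVC decision points from metrics[].other; {} if absent."""
    decision_points = {}
    for container in _containers(record):
        for metric in container.get("metrics", []):
            other = metric.get("other", {})
            if str(other.get("type", "")).lower() != "ssvc":
                continue  # "other" is a catch-all, so filter by type
            for option in other.get("content", {}).get("options", []):
                decision_points.update(option)
    return decision_points


def extract_exploit_refs(record):
    """Return de-duplicated URLs of references tagged 'exploit'."""
    urls = []
    for container in _containers(record):
        for ref in container.get("references", []):
            if "exploit" in ref.get("tags", []) and ref["url"] not in urls:
                urls.append(ref["url"])
    return urls
```

The `exploit` tag only says a reference relates to an exploit. It does not say whether the link is a PoC repository, a write-up, or a docker-compose environment, so that distinction still has to be guessed from the URL.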