CVSSv4 JSON output

[tschmidtb51]

Hi Yan,
we had a longer discussion with the CVSS SIG facilitated by your implementation based on #2. As a result, the CVSS SIG removed the threatScore, threatSeverity, environmentalScore and environmentalSeverity from the JSON schema as they are not (clearly) defined in the spec. Also, they clarified that the baseScore (and baseSeverity) is actually the overallScore. (see oasis-tcs/csaf#1070)

Could you please update your implementation to remove the values from the JSON again?

Thank you for helping to clarify that!

Best wishes,
Thomas

[tschmidtb51]

PS: The CVSS SIG is also working on a new schema (currently available at https://www.first.org/cvss/cvss-v4.0.rev.json) to fix the license issue and prohibit unevaluated properties ...

[YanWittmann]

Hi Thomas,
thank you for the update regarding these discussions with the CVSS SIG. I will be looking into the details and implications of the new schema field clarifications/removals at the beginning of next week.

Please excuse my silence on the previous issue, I really do appreciate you keeping us up-to-date.

Best regards,
Yan