Hi all,
I'm involved in CVE Quality Working Group. This is FYI about an attempt related to End-of-Support there.
There is a need for new CVE json schema to provide cpe. In addition to that, there is one proposal for adding a tag for cpe for indicating that cpe is End-of-Support. In CVE Quality Working Group meeting last week, I shared OpenEoX url, emphasizing EoX is a standalone issue, CVE json schema should provide the reference url to EoX (hopeful to OpenEoX in the future), and encouraged the interested stakeholders to participate in OpenEoX.
After the long debate, this proposal was adjourned as there weren't enough votes for it now.
Hopefully OpenEoX has the better visibility so that there wouldn't be no duplicated efforts.
Thanks,
--Feng
------------------------------
Feng Cao
Principle Security Analyst
Oracle
------------------------------