CERTCC · ahouseholder · Feb 25, 2025 · Feb 20, 2025 · Feb 20, 2025 · Feb 20, 2025
@@ -15,23 +15,29 @@
             "properties": {
                 "key": {
                     "type": "string",
-                    "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
+                    "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way",
+		    "minLength": 1,
+		    "examples": ["P", "Y"]
                 },
                 "name": {
                     "type": "string",
-                    "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
+                    "description": "A short label that captures the description of the Decision Point or the Group of Decision Points.",
+		    "minLength": 1,
+		    "examples": ["Public PoC", "Yes"]
                 },
                 "description": {
                     "type": "string",
-                    "description": "Description of the Decision Point Value"
+                    "description": "Description of the Decision Point Value",
+		    "minLength": 1,
+		    "examples": ["One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation.","Attackers can reliably automate steps 1-4 of the kill chain."]
                 }
             },
 	    "required" : [
 		"key",
 		"name",
 		"description"
 	    ]
-	},
+	}, 
 	"decision_point": {
 	    "type": "object",
 	    "additionalProperties": false,
@@ -41,23 +47,32 @@
 		},
 		"namespace": {
 		    "type": "string",
-		    "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point"
+		    "description": "Namespace (a short, unique string): For example, \"ssvc\" or \"cvss\" to indicate the source of the decision point. See SSVC Documentation for details.",
+		    "pattern": "^[a-z0-9-]{3,4}[a-z0-9/\\.-]*$",
+		    "examples": ["ssvc", "cvss", "ssvc-jp", "ssvc/acme", "ssvc/example.com"]
 		},
 		"version": {
 		    "type": "string",
-		    "description": "Version (a semantic version string) that identifies this object"
+		    "description": "Version (a semantic version string) that identifies this object",
+		    "pattern": "^(?P<major>0|[1-9][0-9]*)\\.(?P<minor>0|[1-9][0-9]*)\\.(?P<patch>0|[1-9][0-9]*)(?:-(?P<prerelease>(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+(?P<buildmetadata>[0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$",
+		    "examples": ["1.0.1", "1.0.1-alpha"]
 		},
 		"key": {
 		    "type": "string",
-		    "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way"
+		    "description": "A key (a short, unique string) that can be used to identify the Decision Point/Decision Point value in a shorthand way",
+		    "minLength": 1,
+		    "examples": ["E", "A"]
 		},
 		"name": {
 		    "type": "string",
-		    "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
+		    "description": "A short label that captures the description of the Decision Point or the Group of Decision Points.",
+		    "minLength": 1,
+		    "examples": ["Exploitation", "Automatable"]
 		},
 		"description": {
 		    "type": "string",
-		    "description": "q Description of the Decision Point or the Group of Decision Points as defined."
+		    "description": "Description of the Decision Point or the Group of Decision Points as defined.",
+		    "minLength": 1
 		},
 		"values": {
 		    "description": "Decision Point Values are valid results from a Decision Point",

@@ -16,16 +16,19 @@
                     "$ref": "#/$defs/schemaVersion"
                 },
 		"version": {
-		    "type": "string",
-		    "description": "Version (a semantic version string) that identifies this object"
+		    "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json#/$defs/decision_point/properties/version"
 		},
 		"name": {
 		    "type": "string",
-		    "description": "A short label that captures the description of the Decision Point or the Group of Decision Points."
+		    "description": "A short label that captures the description of the Decision Point or the Group of Decision Points.",
+		    "minLength": 1,
+		    "examples": ["SSVC Supplier","Coordinator Triage", "SSVC Deployer"]
 		},
 		"description": {
 		    "type": "string",
-		    "description": "Description of the Decision Point or the Group of Decision Points."
+		    "description": "Description of the Decision Point or the Group of Decision Points.",
+		    "minLength": 1,
+		    "examples": ["The decision points used by the coordinator during publication"]
 		},
 		"decision_points": {
 		    "type": "array",

@@ -5,53 +5,40 @@
 	"id": {
             "type": "string",
             "description": "Identifier for a vulnerability could be CVE, CERT/CC VU#, OSV id, Bugtraq, GHSA etc.",
-            "examples": ["CVE-1900-1234","VU#11111","GHSA-11a1-22b2-33c3"]
+            "examples": ["CVE-1900-1234","VU#11111","GHSA-11a1-22b2-33c3"],
+	    "minLength": 1
 	},	
 	"role": {
             "type": "string",
             "description": "Roles to define SSVC Stakeholders https://certcc.github.io/SSVC/topics/enumerating_stakeholders/",
-            "examples": ["Supplier","Deployer","Coordinator"]
+            "examples": ["Supplier","Deployer","Coordinator"],
+	    "minLength": 1
         },
 	"timestamp" : {
-            "description": "Date and time in ISO format  ISO 8601 format",
+            "description": "Date and time according to RFC 3339, section 5.6.",
             "type": "string",
-            "format": "date-time"
+	    "pattern": "^(?:[1-9]\\d{3}-[01]\\d-[0-3]\\d[Tt][0-2]\\d:[0-5]\\d:[0-5]\\d(?:\\.\\d+)?(?:[Zz]|[+-][0-2]\\d:[0-5]\\d))$"
-	    "pattern": "^(?:[1-9]\\d{3}-[01]\\d-[0-3]\\d[Tt][0-2]\\d:[0-5]\\d:[0-5]\\d(?:\\.\\d+)?(?:[Zz]|[+-][0-2]\\d:[0-5]\\d))$"
+             "format": "date-time"
-	    "pattern": "^(?:[1-9]\\d{3}-[01]\\d-[0-3]\\d[Tt][0-2]\\d:[0-5]\\d:[0-5]\\d(?:\\.\\d+)?(?:[Zz]|[+-][0-2]\\d:[0-5]\\d))$"
+             "format": "date-time"
 	},
-        "schemaVersion": {
-            "description": "Schema version used to represent this evaluation",
-            "type": "string",
-            "enum": ["1-0-1"]
-        },
 	"SsvcdecisionpointselectionSchema": {
 	    "description": "A down-selection of SSVC Decision Points that represent an evaluation at a specific time of a Vulnerability",
 	    "properties": {
 		"name": {
-		    "description": "Name of the Decision Point that were evaluated", 
-		    "title": "name",
-		    "type": "string",
-		    "examples": ["Automatable", "Exploitation"]
+		    "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json#/$defs/decision_point/properties/name" 		    
 		},
 		"namespace": {
-		    "description": "SSVC Namespace that were used for defining the evaluated Decision Points",
-		    "title": "namespace",
-		    "type": "string",
-		    "examples": ["ssvc","cvssv4"]
+		    "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json#/$defs/decision_point/properties/namespace"		    
 		},
 		"values": {
 		    "description": "Evaluated values of the Decision Point",
 		    "title": "values",
 		    "type": "array",
 		    "minItems": 1,
 		    "items": {
-			"description": "Each value that were down-selected for a Decision Point",
-			"title": "values",
-			"type": "string"
+			"$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json#/$defs/decision_point_value/properties/name"
 		    }
 		},
 		"version": {
-		    "description": "Version of the Decision Points that were evaluated",
-		    "title": "version",
-		    "type": "string"
+		    "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json#/$defs/decision_point/properties/version"		    
 		}
 	    },
 	    "type": "object",
@@ -72,7 +59,7 @@
 	    "$ref": "#/$defs/role"
 	},
 	"schemaVersion": {
-	    "$ref": "#/$defs/schemaVersion"
+	    "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json#/$defs/schemaVersion"
 	},
 	"timestamp": {
 	    "$ref": "#/$defs/timestamp"

@@ -34,7 +34,7 @@ def setUp(self) -> None:
             key="bar",
             description="baz",
             version="1.0.0",
-            namespace="ns",
+            namespace="name1",
             values=tuple(self.values),
         )
 
@@ -90,7 +90,7 @@ def test_ssvc_decision_point(self):
         self.assertEqual(obj.key, "bar")
         self.assertEqual(obj.description, "baz")
         self.assertEqual(obj.version, "1.0.0")
-        self.assertEqual(obj.namespace, "ns")
+        self.assertEqual(obj.namespace, "name1")
         self.assertEqual(len(self.values), len(obj.values))
 
     def test_ssvc_value_json_roundtrip(self):