Updates from October 2 meeting feedback

sei-vsarvepalli · sei-vsarvepalli · commit 4284ad069b65 · 2025-10-02T17:20:35.000-04:00
diff --git a/rfds/0459-SSVC-2-0-0-add.md b/rfds/0459-SSVC-2-0-0-add.md
@@ -42,22 +42,38 @@ This ensures that CVE Records can cleanly incorporate SSVC alongside other struc
 The test-cases for PR [#459](https://github.com/CVEProject/cve-schema/pull/459) illustrate how SSVC data can be expressed. For example:
 
 https://certcc.github.io/SSVC/data/schema_examples/CVE-1900-1234-Decision_Point_Value_Selection-2-0-0.json
-
+A minimal record looks like below
 ```json
 {
-    "target_ids": ["CVE-1900-1234"],
     "timestamp": "2021-09-29T15:29:44Z",
     "schemaVersion": "2.0.0",
     "selections": [
 	{
 	    "namespace": "ssvc",
-	    "name": "Exploitation",
 	    "key": "E",
 	    "version": "1.1.0",
 	    "values": [
-		{"name":"Active", "key": "A"}
+		{"key": "A"}
 	    ]
-	},
+	}
+     ]
+```
+
+A more advanced record looks like below for a similar infomration
+
+```json
+{
+    "timestamp": "2021-09-29T15:29:44Z",
+    "schemaVersion": "2.0.0",
+    "selections": [
+        {
+            "namespace": "ssvc",
+            "key": "E",
+            "version": "1.1.0",
+            "values": [
+                {"key": "A"}
+            ]
+        },
 	{
 	    "namespace": "ssvc",
 	    "name": "Automatable",
@@ -76,7 +92,15 @@ https://certcc.github.io/SSVC/data/schema_examples/CVE-1900-1234-Decision_Point_
 		{"name": "Total","key":"T"}
 	    ]
 	}
-    ]
+    ],
+    "decision_point_resources": [{
+        "summary": "A JSON file containing SSVC update to Exploitation Decision Point",
+       "uri": "https://certcc.github.io/SSVC/data/json/decision_points/ssvc/exploitation_1_1_0.json"
+    }],
+    "references": [{
+        "summary": "An exploitation example was published for this vulnerability",
+        "uri": "https://example.com/report"
+    }]
 }
 ```
 
@@ -116,6 +140,7 @@ VulnCheck currently has SSVC coverage for 244,866 CVEs, while CISA Vulnrichment
 
 See: Automating SSVC (VulnCheck blog)[[https://www.vulncheck.com/blog/automating-ssvc]
 
+See: SSVC community which captures usage of SSVC in the real-world at (SSVC Dicssions Sightings)[https://github.com/CERTCC/SSVC/discussions/291]
 
 
 ## Related Issues or Proposals
diff --git a/schema/docs/full-record-advanced-example.json b/schema/docs/full-record-advanced-example.json
@@ -198,35 +198,15 @@
 			"schemaVersion": "1-0-1"
 		    },
 		    "ssvcV2_0_0":{
-			"target_ids": ["CVE-1900-1234"],
 			"timestamp": "2021-09-29T15:29:44Z",
 			"schemaVersion": "2.0.0",
 			"selections": [
 			    {
 				"namespace": "ssvc",
-				"name": "Exploitation",
 				"key": "E",
 				"version": "1.1.0",
 				"values": [
-				    {"name":"Active", "key": "A"}
-				]
-			    },
-			    {
-				"namespace": "ssvc",
-				"name": "Automatable",
-				"key": "A",
-				"version": "2.0.0",
-				"values": [
-				    {"name": "Yes", "key": "Y"}
-				]
-			    },
-			    {
-				"namespace": "ssvc",
-				"name": "Technical Impact",
-				"key": "TI",
-				"version": "1.0.0",
-				"values": [
-				    {"name": "Total","key":"T"}
+				    {"key": "A"}
 				]
 			    }
 			]
