3.2.4.8 Vulnerabilities Property - IDs clarification or enhancement #1361
Description
Question for this property and a possible either enhancement to the schema or the documentation. Can there be some way to specify "per product/per platform" association to a particular vendor ID (ie bug ID in our case)?
In 3.2.4.8, there are two mandatory properties, but can there be additional properties without breaking validation?
We'd like to have some way to specify the defect tracking ID that is per platform, and there may be various platforms affected by any given vulnerability with a specific defect ID.
If there a standard suggested guidance for mapping vulnerable product and platform to the ID in CSAF and properties?