Initial steps to enhance the presentation of the CSAF model

csaf_2.1/prose/edit/src/outline/document-acknowledgements.yaml

@@ -0,0 +1,10 @@
+<advisory-instance>:
+  document:
+    acknowledgements:  # $defs.acknowledgments_t
+    - # <acknowledgement-instance>:
+      names: Sequence
+      organization: String
+      summary: String
+      urls: Sequence
+      # ...
+    # ...

csaf_2.1/prose/edit/src/outline/document-aggregate_severity.yaml

@@ -0,0 +1,7 @@
+<advisory-instance>:
+  document:
+    # ...
+    aggregate_severity:
+      namespace: String
+      text: String
+    # ...

csaf_2.1/prose/edit/src/outline/document-distribution-sharing_grouo.yaml

@@ -0,0 +1,9 @@
+<advisory-instance>:
+  document:
+    # ...
+    distribution:
+      sharing_group:
+        id: String.Pattern
+        name: String
+      # ...
+    # ...

csaf_2.1/prose/edit/src/outline/document-distribution-tlp.yaml

@@ -0,0 +1,9 @@
+<advisory-instance>:
+  document:
+    # ...
+    distribution:
+      # ...
+      tlp:
+        label: String
+        url: String.URI
+    # ...

csaf_2.1/prose/edit/src/outline/document-distribution.yaml

@@ -0,0 +1,8 @@
+<advisory-instance>:
+  document:
+    # ...
+    distribution:
+      sharing_group: Mapping
+      text: String
+      tlp: Mapping
+    # ...

csaf_2.1/prose/edit/src/outline/document-publisher.yaml

@@ -0,0 +1,8 @@
+<advisory-instance>:
+  document:
+    publisher:
+      category: String
+      contact_details: String
+      issuing_authority: String
+      name: String
+      namespace: String

csaf_2.1/prose/edit/src/outline/document-references.yaml

@@ -0,0 +1,9 @@
+<advisory-instance>:
+  document:
+    # ...
+    references:  # $defs.references_t
+    - # <reference-instance>:
+      category: String
+      summary: String
+      url: String.URI
+    # ...

csaf_2.1/prose/edit/src/outline/document-tracking-aliases.yaml

@@ -0,0 +1,6 @@
+<advisory-instance>:
+  document:
+    # ...
+    tracking:
+      aliases: Sequence
+      # ...

csaf_2.1/prose/edit/src/outline/document-tracking-generator-engine.yaml

@@ -0,0 +1,10 @@
+<advisory-instance>:
+  document:
+    tracking:
+      # ...
+      generator:
+        # ...
+        engine:
+          name: String
+          version: String
+      # ...

csaf_2.1/prose/edit/src/outline/document-tracking-generator.yaml

@@ -0,0 +1,8 @@
+<advisory-instance>:
+  document:
+    tracking:
+      # ...
+      generator:
+        date: String
+        engine: Mapping
+      # ...

csaf_2.1/prose/edit/src/outline/document-tracking-revision_history-revision.yaml

@@ -0,0 +1,12 @@
+<advisory-instance>:
+  document:
+    # ...
+    tracking:
+      # ...
+      revision_history:
+      - # <revision-instance>:
+        date: String
+        legacy_version: String
+        number: $defs.version_t
+        summary: String
+      # ...

csaf_2.1/prose/edit/src/outline/document-tracking-revision_history.yaml

@@ -0,0 +1,7 @@
+<advisory-instance>:
+  document:
+    # ...
+    tracking:
+      # ...
+      revision_history: Sequence
+      # ...

csaf_2.1/prose/edit/src/outline/document-tracking.yaml

@@ -0,0 +1,12 @@
+<advisory-instance>:
+  document:
+    # ...
+    tracking:
+      aliases: Sequence
+      current_release_date: String.DateTime
+      generator: Mapping
+      id: String.Pattern
+      initial_release_date: String.DateTime
+      revision_history: Sequence
+      status: String.Enum
+      version: $defs.version_t

csaf_2.1/prose/edit/src/outline/document.yaml

@@ -0,0 +1,15 @@
+<advisory-instance>:
+  document:
+    acknowledgments: $defs.acknowledgments_t
+    aggregate_severity: Mapping
+    category: String.Pattern
+    csaf_version: String.Enum
+    distribution: Mapping
+    lang: $defs.lang_t
+    license_expression: String
+    notes: $defs.notes_t
+    publisher: Mapping
+    references: $defs.references_t
+    source_lang: $defs.lang_t
+    title: String
+    tracking: Mapping

csaf_2.1/prose/edit/src/outline/dollar-defs.yaml

@@ -0,0 +1,12 @@
+$defs:
+  acknowledgments_t: Sequence
+  branches_t: Sequence
+  full_product_name_t: Mapping
+  lang_t: String.Pattern
+  notes_t: Sequence
+  product_group_id_t: String
+  product_groups_t: Sequence
+  product_id_t: String
+  products_t: Sequence
+  references_t: Sequence
+  version_t: String.Pattern

csaf_2.1/prose/edit/src/outline/product-tree.yaml

@@ -0,0 +1,6 @@
+<advisory-instance>:
+  product_tree:
+    branches: $defs.branches_t
+    full_product_names: Mapping
+    product_groups: Sequence
+    relationships: Sequence

csaf_2.1/prose/edit/src/outline/product-tree_product_groups-product_group.yaml

@@ -0,0 +1,11 @@
+<advisory-instance>:
+  # ...
+  product_tree:
+    # ...
+    product_groups:
+    - # <product_group-instance>:
+      group_id: $defs.product_group_id_t
+      product_ids: Sequence
+      summary: String
+    # ...
+  # ...

csaf_2.1/prose/edit/src/outline/product-tree_product_groups.yaml

@@ -0,0 +1,6 @@
+<advisory-instance>:
+  # ...
+  product_tree:
+    # ...
+    product_groups: Sequence
+  # ...

csaf_2.1/prose/edit/src/outline/product-tree_relationships-relationship.yaml

@@ -0,0 +1,12 @@
+<advisory-instance>:
+  # ...
+  product_tree:
+    # ...
+    relationships:
+    - # <relationship-instance>:
+      category: String.Enum
+      full_product_name: $defs.full_product_name_t
+      product_reference: $defs.product_id_t
+      relates_to_product_reference: $defs.product_id_t
+    # ...
+  # ...

csaf_2.1/prose/edit/src/outline/product-tree_relationships.yaml

@@ -0,0 +1,6 @@
+<advisory-instance>:
+  # ...
+  product_tree:
+    # ...
+    relationships: Sequence
+  # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability-acknowledgements.yaml

@@ -0,0 +1,11 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    acknowledgements:  # $defs.acknowledgments_t
+    - # <acknowledgement-instance>:
+      names: Sequence
+      organization: String
+      summary: String
+      urls: Sequence
+      # ...
+    # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability-cwes-cwe.yaml

@@ -0,0 +1,10 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    # ...
+    cwes:
+    - # <cwe-instance>:
+      id: String.Pattern
+      name: String.Pattern
+      version: String.Pattern
+    # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability-cwes.yaml

@@ -0,0 +1,6 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    # ...
+    cwes: Sequence
+    # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability-first_known_exploitation_dates-event_instance.yaml

@@ -0,0 +1,11 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    # ...
+    first_known_exploitation_dates:
+    - # <event-instance>:
+      date: String.DateTime
+      exploitation_date: String.DateTime
+      group_ids: $defs.product_groups_t
+      product_ids: $defs.products_t
+    # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability-first_known_exploitation_dates.yaml

@@ -0,0 +1,6 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    # ...
+    first_known_exploitation_dates: Sequence
+    # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability-involvements-involvement.yaml

@@ -0,0 +1,14 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    # ...
+    involvements:
+    - # <involvement-instance>:
+      contact: String
+      date: String.DateTime
+      group_ids: $defs.product_groups_t
+      party: String.Enum
+      product_ids: $defs.products_t
+      status: String.Enum
+      summary: String
+    # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability-involvements.yaml

@@ -0,0 +1,6 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    # ...
+    involvements: Sequence
+    # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability-product_status.yaml

@@ -0,0 +1,15 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    # ...
+    product_status:
+      first_affected: $defs.products_t
+      first_fixed: $defs.products_t
+      fixed: $defs.products_t
+      known_affected: $defs.products_t
+      known_not_affected: $defs.products_t
+      last_affected: $defs.products_t
+      recommended: $defs.products_t
+      under_investigation: $defs.products_t
+      unknown: $defs.products_t
+    # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability-remediations-remediation.yaml

@@ -0,0 +1,15 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    # ...
+    remediations:
+    - # <remediation-instance>:
+      category: String.Enum
+      date: String.DateTime
+      details: String
+      entitlements: Sequence
+      group_ids: $defs.product_groups_t
+      product_ids: $defs.products_t
+      restart_required: Mapping
+      url: String.URI
+    # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability-remediations.yaml

@@ -0,0 +1,6 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    # ...
+    remediations: Sequence
+    # ...

csaf_2.1/prose/edit/src/outline/vulnerabilities-vulnerability.yaml

@@ -0,0 +1,19 @@
+<advisory-instance>:
+  vulnerabilities:
+  - # <vulnerability-instance>:
+    acknowledgments: $defs.acknowledgments_t
+    cve: String.Pattern
+    cwes: Sequence
+    disclosure_date: String.DateTime
+    discovery_date: String.DateTime
+    first_known_exploitation_dates: Sequence
+    flags: Sequence
+    ids: Sequence
+    involvements: Sequence
+    metrics: Sequence
+    notes: $defs.notes_t
+    product_status: Mapping
+    references: $defs.references_t
+    remediations: Sequence
+    threats: Sequence
+    title: String

csaf_2.1/prose/edit/src/outline/vulnerabilities.yaml

@@ -0,0 +1,2 @@
+<advisory-instance>:
+  vulnerabilities: Sequence

csaf_2.1/prose/edit/src/schema-elements-01-definitions.md

@@ -5,40 +5,17 @@ Acknowledgments (`acknowledgments_t`), Branches (`branches_t`), Full Product Nam
 Product Group ID (`product_group_id_t`), Product Groups (`product_groups_t`), Product ID (`product_id_t`), Products (`products_t`),
 References (`references_t`), and Version (`version_t`).
 
-```
-    "$defs": {
-        "acknowledgments_t": {
-            // ...
-        },
-        "branches_t": {
-            // ...
-        },
-        "full_product_name_t": {
-            // ...
-        },
-        "lang_t": {
-            // ...
-        },
-        "notes_t": {
-            // ...
-        },
-        "product_group_id_t": {
-            // ...
-        },
-        "product_groups_t": {
-             // ...
-        },
-        "product_id_t": {
-            // ...
-        },
-        "products_t": {
-            // ...
-        },
-        "references_t": {
-            // ...
-        },
-        "version_t": {
-            // ...
-        }
-    },
+```yaml
+$defs:
+  acknowledgments_t: Sequence
+  branches_t: Sequence
+  full_product_name_t: Mapping
+  lang_t: String.Pattern
+  notes_t: Sequence
+  product_group_id_t: String
+  product_groups_t: Sequence
+  product_id_t: String
+  products_t: Sequence
+  references_t: Sequence
+  version_t: String.Pattern
 ```