diff --git a/dictionary.json b/dictionary.json
index c78d651b0..a80768ec3 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -994,15 +994,10 @@
 "description": "The CVSS object details Common Vulnerability Scoring System (CVSS) scores from the advisory that are related to the vulnerability.",
 "type": "cvss"
 },
- "cwe_uid": {
- "caption": "CWE UID",
- "description": "The Common Weakness Enumeration (CWE) unique identifier. For example: CWE-787.",
- "type": "string_t"
- },
- "cwe_url": {
- "caption": "CWE URL",
- "description": "Common Weakness Enumeration (CWE) definition URL. For example: https://cwe.mitre.org/data/definitions/787.html.",
- "type": "url_t"
+ "cwe": {
+ "caption": "CWE",
+ "description": "The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the Common Weakness Enumeration (CWE) catalog.",
+ "type": "cwe"
 },
 "data": {
 "caption": "Data",
diff --git a/objects/cve.json b/objects/cve.json
index d1336a771..cddf418ce 100644
--- a/objects/cve.json
+++ b/objects/cve.json
@@ -7,19 +7,14 @@
 "cvss": {
 "requirement": "recommended"
 },
- "cwe_uid": {
- "requirement": "optional"
- },
- "cwe_url": {
+ "cwe":{
 "requirement": "optional"
 },
 "modified_time": {
- "caption": "Record Modified Date",
 "description": "The Record Modified Date identifies when the CVE record was last updated.",
 "requirement": "optional"
 },
 "created_time": {
- "caption": "Record Creation Date",
 "description": "The Record Creation Date identifies when the CVE ID was issued to a CVE Numbering Authority (CNA) or the CVE Record was published on the CVE List. Note that the Record Creation Date does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.",
 "requirement": "recommended"
 },
diff --git a/objects/cwe.json b/objects/cwe.json
new file mode 100644
index 000000000..e31aec16c
--- /dev/null
+++ b/objects/cwe.json
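Review bot: Dropping `cwe_uid` and `cwe_url` from the dictionary outright, with no deprecated entry left behind, means any stored event, field mapping or detection query that still references those two keys will stop validating or matching without an obvious error; the same removal appears in the objects/cve.json hunk. If the schema offers a deprecation marker, keeping both entries for one release with a description along the lines of `"Deprecated: use cwe.uid instead."` would give consumers a migration window. This is inferred from the visible lines only, since no changelog or migration note is part of this diff. The hunk starts and ends inside the attributes map, so the surrounding entries are not visible.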
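Review bot: In objects/cve.json the `modified_time` and `created_time` descriptions still open with "The Record Modified Date" and "The Record Creation Date" although the captions carrying exactly those names are removed in this hunk, so the rendered documentation will presumably describe a label the reader no longer sees. Rewording to match the inherited caption, for example `"description": "The time when the CVE record was last updated."`, would keep the two consistent. Separately, `"cwe":{` is missing the space after the colon that every neighbouring key uses; it should read `"cwe": {`.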
@@ -0,0 +1,21 @@
+{
+ "caption": "CWE",
+ "description": "The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the Common Weakness Enumeration (CWE) catalog.",
+ "extends": "object",
+ "name": "cwe",
+ "attributes": {
+ "caption":{
+ "description": "The caption assigned to the Common Weakness Enumeration unique identifier.",
+ "requirement": "optional"
+ },
+ "src_url": {
+ "description": "URL pointing to the CWE Specification. For more information see CWE.",
+ "requirement": "optional"
+ },
+ "uid": {
+ "caption": "CWE ID",
+ "description": "The Common Weakness Enumeration unique number assigned to a specific weakness. A CWE Identifier begins \"CWE\" followed by a sequence of digits that acts as a unique identifier. For example: CWE-123.",
+ "requirement": "required"
+ }
+ }
+}
\ No newline at end of file
diff --git a/objects/vulnerability.json b/objects/vulnerability.json
index dcf8761fa..af5edf71a 100644
--- a/objects/vulnerability.json
+++ b/objects/vulnerability.json
@@ -5,7 +5,10 @@
 "extends": "object",
 "attributes": {
 "cve": {
- "requirement": "required"
+ "requirement": "recommended"
+ },
+ "cwe": {
+ "requirement": "recommended"
 },
 "desc": {
 "description": "The description of the vulnerability.",
@@ -18,7 +21,7 @@
 "requirement": "optional"
 },
 "packages": {
- "requirement": "optional"
+ "requirement": "recommended"
 },
 "references": {
 "requirement": "recommended"
@@ -31,11 +34,17 @@
 },
 "title": {
 "description": "The title of the vulnerability.",
- "requirement": "optional"
+ "requirement": "recommended"
 },
 "vendor_name": {
 "description": "The vendor who identified the vulnerability.",
 "requirement": "optional"
 }
+ },
+ "constraints":{
+ "at_least_one": [
+ "cve",
+ "cwe"
+ ]
 }
 }
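Review bot: The `uid` description in objects/cwe.json calls the value a "unique number" and then gives `CWE-123` as the example, so it is unclear whether producers should emit `123` or `CWE-123`; two sources that choose differently will not join on `cwe.uid` during correlation or reporting. Stating the canonical form in one sentence would remove the ambiguity, for example `"description": "The CWE identifier, including the CWE- prefix. For example: CWE-787."`. The `src_url` description ends with "For more information see CWE." but carries no link target, so the reference dangles. The file also has no trailing newline, and `"caption":{` is missing the space after the colon.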
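Review bot: With `cve` lowered to `recommended` in the first objects/vulnerability.json hunk and the `at_least_one` constraint added in the third, a vulnerability record may now carry only a `cwe`, which names a weakness class rather than a specific flaw; consumers that deduplicate or correlate findings on `cve.uid` have to handle its absence, and nothing in the object says so. The weakness can also now appear in two places, on the vulnerability itself and on its `cve` (added as optional in objects/cve.json), with no visible statement of which one is authoritative when they disagree. A local description on the new attribute, for example `"description": "The weakness associated with the vulnerability; populate this when no CVE has been assigned."`, would settle both points, though that wording is a suggestion and needs confirming against the intended model. `"constraints":{` in the third hunk is missing the space after the colon.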