From b51f3dfd54efd2bb5f95751a535f6d145bec24ce Mon Sep 17 00:00:00 2001
From: Rajas
Date: Tue, 27 Jun 2023 13:54:12 -0400
Subject: [PATCH 1/6] Creating a new cwe object definition

Signed-off-by: Rajas
---
 objects/cwe.json | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 objects/cwe.json

diff --git a/objects/cwe.json b/objects/cwe.json
new file mode 100644
index 000000000..2ac61f274
--- /dev/null
+++ b/objects/cwe.json
@@ -0,0 +1,16 @@
+{
+ "caption": "CWE",
+ "description": "The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the Common Weakness Enumeration (CWE) catalog.",
+ "extends": "object",
+ "name": "cwe",
+ "attributes": {
+ "uid": {
+ "caption": "CWE ID",
+ "description": "The Common Weakness Enumeration unique number assigned to a specific weakness. A CWE Identifier begins \"CWE\" followed by a sequence of digits that acts as a unique identifier. For example: CWE-123.",
+ "requirement": "required"
+ },
+ "cwe_url": {
+ "requirement": "optional"
+ }
+ }
+}
From 750e8f325d92995ac37a3dbf619d99c716277309 Mon Sep 17 00:00:00 2001
From: Rajas
Date: Tue, 27 Jun 2023 13:55:09 -0400
Subject: [PATCH 2/6] adding corresponding entry in dictionary

Signed-off-by: Rajas
---
 dictionary.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dictionary.json b/dictionary.json
index c78d651b0..a515f68ac 100644
--- a/dictionary.json
+++ b/dictionary.json
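Review bot: The `uid` description in the new objects/cwe.json says a CWE Identifier "begins "CWE" followed by a sequence of digits", but the example `CWE-123` on the same line and the dictionary's existing `cwe_uid` text (`CWE-787`, patch 2) both include a hyphen, so a validator written from this description would accept `CWE123` and reject the documented form. Suggest `"description": "The Common Weakness Enumeration unique number assigned to a specific weakness. A CWE Identifier begins with \"CWE-\" followed by a sequence of digits that acts as a unique identifier. For example: CWE-123."`. Since `uid` is the only required attribute and the value consumers will key lookups on, the exact format matters more here than for the optional fields.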
@@ -994,10 +994,10 @@
 "description": "The CVSS object details Common Vulnerability Scoring System (CVSS) scores from the advisory that are related to the vulnerability.",
 "type": "cvss"
 },
- "cwe_uid": {
- "caption": "CWE UID",
- "description": "The Common Weakness Enumeration (CWE) unique identifier. For example: CWE-787.",
- "type": "string_t"
+ "cwe": {
+ "caption": "CWE",
+ "description": "The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the Common Weakness Enumeration (CWE) catalog.",
+ "type": "cwe"
 },
 "cwe_url": {
 "caption": "CWE URL",
From ff0623c43046a5869fef2362eb65317108400432 Mon Sep 17 00:00:00 2001
From: Rajas
Date: Tue, 27 Jun 2023 13:55:36 -0400
Subject: [PATCH 3/6] adding cwe object in the vuln object

Signed-off-by: Rajas
---
 objects/vulnerability.json | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/objects/vulnerability.json b/objects/vulnerability.json
index dcf8761fa..30b22e5ad 100644
--- a/objects/vulnerability.json
+++ b/objects/vulnerability.json
@@ -5,7 +5,10 @@
 "extends": "object",
 "attributes": {
 "cve": {
- "requirement": "required"
+ "requirement": "recommended"
+ },
+ "cwe": {
+ "requirement": "recommended"
 },
 "desc": {
 "description": "The description of the vulnerability.",
@@ -37,5 +40,11 @@
 "description": "The vendor who identified the vulnerability.",
 "requirement": "optional"
 }
+ },
+ "constraints":{
+ "at_least_one": [
+ "cve",
+ "cwe"
+ ]
 }
 }
From db99f19df977f5c6af9c54f43651e546371384b7 Mon Sep 17 00:00:00 2001
From: Rajas
Date: Tue, 27 Jun 2023 13:55:55 -0400
Subject: [PATCH 4/6] cleaning up cve object

Signed-off-by: Rajas
---
 objects/cve.json | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/objects/cve.json b/objects/cve.json
index d1336a771..b58ad5e5a 100644
--- a/objects/cve.json
+++ b/objects/cve.json
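Review bot: Replacing the `cwe_uid` entry with the `cwe` object entry removes `cwe_uid` from dictionary.json while objects/cve.json still declares a `cwe_uid` attribute until patch 4 of this series, so the tree at this commit presumably references an undefined dictionary attribute if the schema build resolves object attributes against the dictionary. Reordering so the cve.json cleanup lands first, or squashing patches 2 and 4, keeps every commit in the series buildable and bisectable. The description added here is a verbatim copy of the one in objects/cwe.json; if the dictionary entry is the one the tooling renders, a shorter `"description": "The CWE object describing the weakness type of the vulnerability."` avoids two copies drifting apart.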
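Review bot: Lowering `cve` from required to recommended means a vulnerability object may now carry only a `cwe`, and a CWE identifies a weakness class rather than a specific vulnerability, so consumers that deduplicate or correlate on `cve.uid` will now see records they cannot key and nothing in this hunk tells them when to expect that. The new `cwe` attribute has no description, so state the intent where it is declared, e.g. `"description": "The CWE weakness type of the vulnerability. It may be the only identifier present when no CVE has been assigned."`. The attributes block continues outside the hunk.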
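Review bot: `"constraints":{` omits the space before the brace that every other key in this file uses (`"attributes": {`, `"cve": {`); the same nit recurs in `"cwe":{` in objects/cve.json (patch 5) and `"caption":{` in objects/cwe.json (patch 6). Write `"constraints": {` here and fix the other two the same way. The `at_least_one` constraint itself is consistent with the `recommended` level set on `cve` and `cwe` in the previous hunk.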
@@ -7,19 +7,11 @@
 "cvss": {
 "requirement": "recommended"
 },
- "cwe_uid": {
- "requirement": "optional"
- },
- "cwe_url": {
- "requirement": "optional"
- },
 "modified_time": {
- "caption": "Record Modified Date",
 "description": "The Record Modified Date identifies when the CVE record was last updated.",
 "requirement": "optional"
 },
 "created_time": {
- "caption": "Record Creation Date",
 "description": "The Record Creation Date identifies when the CVE ID was issued to a CVE Numbering Authority (CNA) or the CVE Record was published on the CVE List. Note that the Record Creation Date does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.",
 "requirement": "recommended"
 },
From 38cc9d18614f18ec296c4e326ae7a78516903cd1 Mon Sep 17 00:00:00 2001
From: Rajas
Date: Tue, 27 Jun 2023 14:02:08 -0400
Subject: [PATCH 5/6] adding cwe object in cve

Signed-off-by: Rajas
---
 objects/cve.json | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/objects/cve.json b/objects/cve.json
index b58ad5e5a..cca8f31fa 100644
--- a/objects/cve.json
+++ b/objects/cve.json
@@ -7,6 +7,10 @@
 "cvss": {
 "requirement": "recommended"
 },
+ "cwe":{
+ "requirement": "optional",
+ "description": "The Common Weakness Enumeration (CWE) is a community-developed list of software and hardware weakness types. The CWE Specification provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture. For more information see CWE"
+ },
 "modified_time": {
 "description": "The Record Modified Date identifies when the CVE record was last updated.",
 "requirement": "optional"
From e9af9bbf3d10e8432fa052816e76b89f7464c23b Mon Sep 17 00:00:00 2001
From: Rajas
Date: Wed, 28 Jun 2023 14:15:45 -0400
Subject: [PATCH 6/6] Minor revisions to descriptions, refactoring src_url in cwe, adjusting requirements
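Review bot: Dropping the `"caption": "Record Modified Date"` and `"caption": "Record Creation Date"` overrides leaves descriptions that still open with "The Record Modified Date identifies…" and "The Record Creation Date identifies…", so whatever caption `modified_time` and `created_time` now inherit (presumably the dictionary's generic one) no longer matches the wording shown next to it. Either keep the two caption lines or reword the descriptions to stand alone, e.g. `"description": "Identifies when the CVE record was last updated."`. The commit message says only "cleaning up cve object", so if the caption change is deliberate it deserves a sentence there, since it is the part of this hunk the `cwe` rework does not explain.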
Signed-off-by: Rajas
---
 dictionary.json | 5 -----
 objects/cve.json | 3 +--
 objects/cwe.json | 13 +++++++++----
 objects/vulnerability.json | 4 ++--
 4 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/dictionary.json b/dictionary.json
index a515f68ac..a80768ec3 100644
--- a/dictionary.json
+++ b/dictionary.json
@@ -999,11 +999,6 @@
 "description": "The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the Common Weakness Enumeration (CWE) catalog.",
 "type": "cwe"
 },
- "cwe_url": {
- "caption": "CWE URL",
- "description": "Common Weakness Enumeration (CWE) definition URL. For example: https://cwe.mitre.org/data/definitions/787.html.",
- "type": "url_t"
- },
 "data": {
 "caption": "Data",
 "description": "The additional data that is associated with the event or object. See specific usage.",
diff --git a/objects/cve.json b/objects/cve.json
index cca8f31fa..cddf418ce 100644
--- a/objects/cve.json
+++ b/objects/cve.json
@@ -8,8 +8,7 @@
 "requirement": "recommended"
 },
 "cwe":{
- "requirement": "optional",
- "description": "The Common Weakness Enumeration (CWE) is a community-developed list of software and hardware weakness types. The CWE Specification provides a common language of discourse for discussing, finding and dealing with the causes of software security vulnerabilities as they are found in code, design, or system architecture. For more information see CWE"
+ "requirement": "optional"
 },
 "modified_time": {
 "description": "The Record Modified Date identifies when the CVE record was last updated.",
diff --git a/objects/cwe.json b/objects/cwe.json
index 2ac61f274..e31aec16c 100644
--- a/objects/cwe.json
+++ b/objects/cwe.json
@@ -4,13 +4,18 @@
 "extends": "object",
 "name": "cwe",
 "attributes": {
+ "caption":{
+ "description": "The caption assigned to the Common Weakness Enumeration unique identifier.",
+ "requirement": "optional"
+ },
+ "src_url": {
+ "description": "URL pointing to the CWE Specification. For more information see CWE.",
+ "requirement": "optional"
+ },
 "uid": {
 "caption": "CWE ID",
 "description": "The Common Weakness Enumeration unique number assigned to a specific weakness. A CWE Identifier begins \"CWE\" followed by a sequence of digits that acts as a unique identifier. For example: CWE-123.",
 "requirement": "required"
- },
- "cwe_url": {
- "requirement": "optional"
 }
 }
-}
+}
\ No newline at end of file
diff --git a/objects/vulnerability.json b/objects/vulnerability.json
index 30b22e5ad..af5edf71a 100644
--- a/objects/vulnerability.json
+++ b/objects/vulnerability.json
@@ -21,7 +21,7 @@
 "requirement": "optional"
 },
 "packages": {
- "requirement": "optional"
+ "requirement": "recommended"
 },
 "references": {
 "requirement": "recommended"
@@ -34,7 +34,7 @@
 },
 "title": {
 "description": "The title of the vulnerability.",
- "requirement": "optional"
+ "requirement": "recommended"
 },
 "vendor_name": {
 "description": "The vendor who identified the vulnerability.",
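Review bot: The `src_url` description "URL pointing to the CWE Specification. For more information see CWE." does not say whether the value is the definition page of this particular weakness or the specification as a whole, and "see CWE" reads like a link whose target was lost; the `cwe_url` dictionary entry this patch removes was explicit about it. Suggest `"description": "URL of the CWE definition page for this weakness. For example: https://cwe.mitre.org/data/definitions/787.html."`. The rewrite also drops the file's trailing newline (`\ No newline at end of file`), which no other file in the series does; restore it so the next edit does not show a spurious `-}`/`+}` pair.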