Adding CWE object to the framework & in the vulnerability object

dictionary.json

@@ -994,15 +994,10 @@
       "description": "The CVSS object details Common Vulnerability Scoring System (<a target='_blank' href='https://www.first.org/cvss/'>CVSS</a>) scores from the advisory that are related to the vulnerability.",
       "type": "cvss"
     },
-    "cwe_uid": {
-      "caption": "CWE UID",
-      "description": "The <a target='_blank' href='https://cwe.mitre.org/'>Common Weakness Enumeration (CWE)</a> unique identifier. For example: <code>CWE-787</code>.",
-      "type": "string_t"
-    },
-    "cwe_url": {
-      "caption": "CWE URL",
-      "description": "Common Weakness Enumeration (CWE) definition URL. For example: <code>https://cwe.mitre.org/data/definitions/787.html</code>.",
-      "type": "url_t"
+    "cwe": {
+      "caption": "CWE",
+      "description": "The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the <a target='_blank' href='https://cwe.mitre.org/'>Common Weakness Enumeration (CWE)</a> catalog.",
+      "type": "cwe"
     },
     "data": {
       "caption": "Data",

objects/cve.json

@@ -7,19 +7,14 @@
     "cvss": {
       "requirement": "recommended"
     },
-    "cwe_uid": {
-      "requirement": "optional"
-    },
-    "cwe_url": {
+    "cwe":{
       "requirement": "optional"
     },
     "modified_time": {
-			"caption": "Record Modified Date",
       "description": "The Record Modified Date identifies when the CVE record was last updated.",
       "requirement": "optional"
     },
     "created_time": {
-			"caption": "Record Creation Date",
       "description": "The Record Creation Date identifies when the CVE ID was issued to a CVE Numbering Authority (CNA) or the CVE Record was published on the CVE List. Note that the Record Creation Date does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.",
       "requirement": "recommended"
     },

objects/cwe.json

@@ -0,0 +1,21 @@
+{
+  "caption": "CWE",
+  "description": "The CWE object represents a weakness in a software system that can be exploited by a threat actor to perform an attack. The CWE object is based on the <a target='_blank' href='https://cwe.mitre.org/'>Common Weakness Enumeration (CWE)</a> catalog.",
+  "extends": "object",
+  "name": "cwe",
+  "attributes": {
+    "caption":{
+      "description": "The caption assigned to the Common Weakness Enumeration unique identifier.",
+      "requirement": "optional"
+    },
+    "src_url": {
+      "description": "URL pointing to the CWE Specification. For more information see <a target='_blank' href='https://cwe.mitre.org/'>CWE.</a>",
+      "requirement": "optional"
+    },
+    "uid": {
+      "caption": "CWE ID",
+      "description": "The Common Weakness Enumeration unique number assigned to a specific weakness. A CWE Identifier begins \"CWE\" followed by a sequence of digits that acts as a unique identifier. For example: <code>CWE-123</code>.",
+      "requirement": "required"
+    }
+  }
+}

objects/vulnerability.json

@@ -5,7 +5,10 @@
   "extends": "object",
   "attributes": {
     "cve": {
-      "requirement": "required"
+      "requirement": "recommended"
+    },
+    "cwe": {
+      "requirement": "recommended"
     },
     "desc": {
       "description": "The description of the vulnerability.",
@@ -18,7 +21,7 @@
       "requirement": "optional"
     },
     "packages": {
-      "requirement": "optional"
+      "requirement": "recommended"
     },
     "references": {
       "requirement": "recommended"
@@ -31,11 +34,17 @@
     },
     "title": {
       "description": "The title of the vulnerability.",
-      "requirement": "optional"
+      "requirement": "recommended"
     },
     "vendor_name": {
       "description": "The vendor who identified the vulnerability.",
       "requirement": "optional"
     }
+  },
+  "constraints":{
+    "at_least_one": [
+      "cve",
+      "cwe"
+    ]
   }
 }