From 45a5bdc77c44339e791efd9854fa98a5f9c2f2e7 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Tue, 23 Apr 2024 23:57:18 +0200 Subject: [PATCH 1/4] Preconditions - resolves oasis-tcs/csaf#706 - add definition of preconditions as defined category --- .../edit/src/schema-elements-02-props-03-vulnerabilities.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md b/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md index 80e18f41..da1f993f 100644 --- a/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md +++ b/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md @@ -370,6 +370,12 @@ Vulnerability notes (`notes`) of value type Notes Type (`notes_t`) holds notes a }, ``` +The following combinations of `category` and `title` have a special meaning and MUST be used as stated below: + +| `category` | `title` | content of `text` | +|---------------|---------------|-------------------| +| `description` | Preconditions | Contains a description of the preconditions that have to be fulfilled to be able to exploit the vulnerability, e.g. user account or physical access. | + #### Vulnerabilities Property - Product Status Product status (`product_status`) of value type `object` with 1 or more properties contains different lists of `product_ids` which From d8bab66d780cb6b882f88c99974ac9938c05667a Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 24 Apr 2024 00:02:22 +0200 Subject: [PATCH 2/4] Vulnerability summary vs. CVE description - addresses parts of oasis-tcs/csaf#706 - formalizes the well-established category/title combinations for vulnerability notes --- .../edit/src/schema-elements-02-props-03-vulnerabilities.md | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md b/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md index da1f993f..748c3ba7 100644 --- a/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md +++ b/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md @@ -374,7 +374,9 @@ The following combinations of `category` and `title` have a special meaning and | `category` | `title` | content of `text` | |---------------|---------------|-------------------| +| `description` | CVE description | Contains the official and unchanged CVE description for this specific vulnerability. | | `description` | Preconditions | Contains a description of the preconditions that have to be fulfilled to be able to exploit the vulnerability, e.g. user account or physical access. | +| `summary` | Vulnerability summary | Contains a summary of the vulnerability which is not the official CVE description. | #### Vulnerabilities Property - Product Status From 954436828b7dd46099bb10d50a915520719d66e9 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 24 Apr 2024 00:13:37 +0200 Subject: [PATCH 3/4] Document Notes - addresses parts of oasis-tcs/csaf#706 - formalizes the well-established category/title combinations for document notes --- .../edit/src/schema-elements-02-props-01-document.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md b/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md index 8748eb5e..fd33aa4e 100644 --- a/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md +++ b/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md 
@@ -230,6 +230,14 @@ Document notes (`notes`) of value type Notes Type (`notes_t`) holds notes associ }, ``` +The following combinations of `category` and `title` have a special meaning and MUST be used as stated below: + +| `category` | `title` | content of `text` | +|---------------|---------------|-------------------| +| `description` | Product description | Contains a description of a product given in the `product_tree` in regards to field of application and core functionality. | +| `general` | General Security Recommendations | Contains general advise and security recommendations that are related, generic and might be independently applicable of the content of the CSAF document. | +| `summary` | Summary | Contains a short summary of the content of the advisory. | + #### Document Property - Publisher Publisher (`publisher`) has value type `object` with the mandatory properties Category (`category`), Name (`name`) and From c93df8f1323d77463494ae86540a5ad1e5469de0 Mon Sep 17 00:00:00 2001 From: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> Date: Wed, 24 Apr 2024 18:26:35 +0200 Subject: [PATCH 4/4] Well-established note category/title combinations - addresses feedback of oasis-tcs/csaf#725 - use title case --- .../prose/edit/src/schema-elements-02-props-01-document.md | 2 +- .../edit/src/schema-elements-02-props-03-vulnerabilities.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md b/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md index fd33aa4e..aebf670e 100644 --- a/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md +++ b/csaf_2.1/prose/edit/src/schema-elements-02-props-01-document.md 
@@ -234,7 +234,7 @@ The following combinations of `category` and `title` have a special meaning and | `category` | `title` | content of `text` | |---------------|---------------|-------------------| -| `description` | Product description | Contains a description of a product given in the `product_tree` in regards to field of application and core functionality. | +| `description` | Product Description | Contains a description of a product given in the `product_tree` in regards to field of application and core functionality. | | `general` | General Security Recommendations | Contains general advise and security recommendations that are related, generic and might be independently applicable of the content of the CSAF document. | | `summary` | Summary | Contains a short summary of the content of the advisory. | diff --git a/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md b/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md index 748c3ba7..9dd409a9 100644 --- a/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md +++ b/csaf_2.1/prose/edit/src/schema-elements-02-props-03-vulnerabilities.md 
@@ -374,9 +374,9 @@ The following combinations of `category` and `title` have a special meaning and | `category` | `title` | content of `text` | |---------------|---------------|-------------------| -| `description` | CVE description | Contains the official and unchanged CVE description for this specific vulnerability. | +| `description` | CVE Description | Contains the official and unchanged CVE description for this specific vulnerability. | | `description` | Preconditions | Contains a description of the preconditions that have to be fulfilled to be able to exploit the vulnerability, e.g. user account or physical access. | -| `summary` | Vulnerability summary | Contains a summary of the vulnerability which is not the official CVE description. | +| `summary` | Vulnerability Summary | Contains a summary of the vulnerability which is not the official CVE description. | #### Vulnerabilities Property - Product Status
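Review bot: in the PATCH 1/4 hunk for `schema-elements-02-props-03-vulnerabilities.md`, the sentence "have a special meaning and MUST be used as stated below" introduces a normative requirement without saying how a note is recognised as one of these combinations, in particular whether `title` is matched exactly and case-sensitively; state the matching rule next to the table so producers and validators agree on it. The `text` column for the `Preconditions` row also reads awkwardly; suggest "Contains a description of the preconditions that must be met to exploit the vulnerability, e.g. a user account or physical access." in place of "that have to be fulfilled to be able to exploit the vulnerability, e.g. user account or physical access."

Review bot: in the PATCH 2/4 hunk for `schema-elements-02-props-03-vulnerabilities.md`, the `CVE description` row says "the official and unchanged CVE description" but does not say which CVE record is meant when the vulnerability lists a CVE identifier, nor what a producer should do when no CVE has been assigned yet; tie the row to the CVE identifier given for the same vulnerability and say the row is only applicable when one exists. The `Vulnerability summary` row is defined only by what it is not ("which is not the official CVE description"); give it a positive definition, e.g. "Contains the issuing party's own summary of the vulnerability, as opposed to the official CVE description."

Review bot: in the PATCH 3/4 hunk for `schema-elements-02-props-01-document.md`, the `General Security Recommendations` row has the typo "general advise" (should be "general advice") and the phrase "might be independently applicable of the content of the CSAF document" should read "may be applicable independently of the content of the CSAF document"; in the `Product description` row, "in regards to" should be "with regard to". More substantively, the `Product description` row gives no way to say which product of the `product_tree` a note describes when several products are listed; state whether one such note covers all products or one note per product is expected, and how the product is identified in the note.

Review bot: in the first PATCH 4/4 hunk (`schema-elements-02-props-01-document.md`), only the case of `Product description` changes, but the unchanged `General Security Recommendations` context line still carries the "general advise" typo; fix it in the same hunk while this table is being touched. Since the commit message calls these combinations "well-established", any existing producer that writes the title in the earlier lower-case form would now fall outside the "MUST be used as stated below" rule; either say the comparison on `title` is case-insensitive or call the change out explicitly for producers.

Review bot: in the second PATCH 4/4 hunk (`schema-elements-02-props-03-vulnerabilities.md`), the `-`/`+` pairs for `CVE Description` and `Vulnerability Summary` differ from the rows introduced in PATCH 2/4 only in case, which is exactly the situation the table's "MUST" sentence does not cover: without a stated matching rule, `CVE description` silently stops being the special combination. As a style point, both PATCH 4/4 hunks are fix-ups of rows added earlier in this same series; squash them into the commits that introduced the rows so the history never contains a version of the table with the lower-case titles.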