Merge pull request #314 from armintaenzertng/securityProfileFix

Security: change Boolean to xsd:boolean and fix justification type

model/Security/Classes/ExploitCatalogVulnAssessmentRelationship.md

@@ -43,7 +43,7 @@ Catalog (KEV)
   - minCount: 1
   - maxCount: 1
 - exploited
-  - type: Boolean
+  - type: xsd:boolean
   - minCount: 1
   - maxCount: 1
 - locator

model/Security/Classes/SsvcVulnAssessmentRelationship.md

@@ -4,14 +4,14 @@ SPDX-License-Identifier: Community-Spec-1.0
 
 ## Summary
 
-Provides a SSVC assessment for a vulnerability.
+Provides an SSVC assessment for a vulnerability.
 
 ## Description
 
-A SsvcVulnAssessmentRelationship describes the decision made using the
+An SsvcVulnAssessmentRelationship describes the decision made using the
 Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree as
-defined on  [https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc).
-It is intented to communicate the results of using the CISA SSVC Calculator.
+defined on [https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc](https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc).
+It is intended to communicate the results of using the CISA SSVC Calculator.
 
 **Syntax**
 
@@ -20,7 +20,7 @@ It is intented to communicate the results of using the CISA SSVC Calculator.
   "@type": "SsvcVulnAssessmentRelationship",
   "@id": "urn:spdx.dev:ssvc-1",
   "relationshipType": "hasSsvcAssessmentFor",
-  "decision": "act",
+  "decisionType": "act",
   "from": "urn:spdx.dev:vuln-cve-2020-28498",
   "to": ["urn:product-acme-application-1.3"],
   "assessedElement": "urn:npm-elliptic-6.5.2",
@@ -37,7 +37,7 @@ It is intented to communicate the results of using the CISA SSVC Calculator.
 
 ## Properties
 
-- decision
+- decisionType
   - type: SsvcDecisionType
   - minCount: 1
   - maxCount: 1

model/Security/Classes/VexFixedVulnAssessmentRelationship.md

@@ -42,7 +42,7 @@ element.
 ## Metadata
 
 - name: VexFixedVulnAssessmentRelationship
-- SubclassOf:  VulnVexAssessmentRelationship
+- SubclassOf: VexVulnAssessmentRelationship
 - Instantiability: Concrete
 
 ## Properties

model/Security/Classes/VexNotAffectedVulnAssessmentRelationship.md

@@ -10,7 +10,7 @@ not affected by the vulnerability.
 ## Description
 
 VexNotAffectedVulnAssessmentRelationship connects a vulnerability and a number
-of elements desigating them as products not affected by the vulnerability.
+of elements designating them as products not affected by the vulnerability.
 This relationship corresponds to the VEX not_affected status.
 
 **Constraints**
@@ -22,9 +22,9 @@ following requirements must be observed:
 to the doesNotAffect relationship type.
 * The from: end of the relationship must be a /Security/Vulnerability classed
 element.
-* Both impactStatement and justification properties have a cardinality of
+* Both impactStatement and justificationType properties have a cardinality of
 0..1 making them optional. Nevertheless, to produce a valid VEX not_affected
-statement, one of them MUST be defined. This is specfied in the Minimum Elements
+statement, one of them MUST be defined. This is specified in the Minimum Elements
 for VEX.
 
 **Syntax**
@@ -37,7 +37,7 @@ for VEX.
   "from": "urn:spdx.dev:vuln-cve-2020-28498",
   "to": ["urn:product-acme-application-1.3"],
   "assessedElement": "urn:npm-elliptic-6.5.2",
-  "justification": "componentNotPresent",
+  "justificationType": "componentNotPresent",
   "impactStatement": "Not using this vulnerable part of this library.",
   "suppliedBy": ["urn:spdx.dev:agent-jane-doe"],
   "publishedTime": "2021-03-09T11:04:53Z"
@@ -48,13 +48,13 @@ for VEX.
 ## Metadata
 
 - name: VexNotAffectedVulnAssessmentRelationship
-- SubclassOf:  VexVulnAssessmentRelationship
+- SubclassOf: VexVulnAssessmentRelationship
 - Instantiability: Concrete
 
 ## Properties
 
-- justification
-  - type: justification
+- justificationType
+  - type: VexJustificationType
   - minCount: 0
   - maxCount: 1
 - impactStatement

model/Security/Properties/decision.md → model/Security/Properties/decisionType.md

@@ -1,18 +1,18 @@
 SPDX-License-Identifier: Community-Spec-1.0
 
-# decision
+# decisionType
 
 ## Summary
 
 Provide the enumeration of possible decisions in the Stakeholder-Specific Vulnerability Categorization (SSVC) decision tree [https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf](https://www.cisa.gov/sites/default/files/publications/cisa-ssvc-guide%20508c.pdf)
 
 ## Description
 
-A decision is a mandatory value and must select one of the four entries in the `SsvcDecisionType.md` vocabulary.
+A decisionType is a mandatory value and must select one of the four entries in the `SsvcDecisionType.md` vocabulary.
 
 ## Metadata
 
-- name: decision
+- name: decisionType
 - Nature: DataProperty
 - Range: SsvcDecisionType
 

model/Security/Properties/exploited.md

@@ -14,5 +14,5 @@ This field is set when a CVE is listed in an exploit catalog.
 
 - name: exploited
 - Nature: DataProperty
-- Range: Boolean
+- Range: xsd:boolean
 

model/Security/Properties/justification.md → model/Security/Properties/justificationType.md

@@ -1,6 +1,6 @@
 SPDX-License-Identifier: Community-Spec-1.0
 
-# justification
+# justificationType
 
 ## Summary
 
@@ -19,7 +19,7 @@ complementary to the justification label, but one of both MUST be defined.
 
 ## Metadata
 
-- name: justification
+- name: justificationType
 - Nature: DataProperty
 - Range: VexJustificationType