CERTCC · ahouseholder · Mar 27, 2025 · Mar 27, 2025 · Mar 27, 2025
@@ -4,97 +4,97 @@
     "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json",
     "description": "Decision points are the basic building blocks of SSVC decision functions. Individual decision points describe a single aspect of the input to a decision function.",
     "$defs":     {
-	"schemaVersion": {
+        "schemaVersion": {
             "description": "Schema version used to represent this Decision Point.",
             "type": "string",
             "enum": ["1-0-1"]
         },
-	"decision_point_value": {
+        "decision_point_value": {
             "type": "object",
-	    "additionalProperties": false,	    
+            "additionalProperties": false,
             "properties": {
                 "key": {
                     "type": "string",
                     "description": "A short, unique string (or key) used as a shorthand identifier for a Decision Point Value.",
-		    "minLength": 1,
-		    "examples": ["P", "Y"]
+                    "minLength": 1,
+                    "examples": ["P", "Y"]
                 },
                 "name": {
                     "type": "string",
                     "description": "A short label that identifies a Decision Point Value",
-		    "minLength": 1,
-		    "examples": ["Public PoC", "Yes"]
+                    "minLength": 1,
+                    "examples": ["Public PoC", "Yes"]
                 },
                 "description": {
                     "type": "string",
                     "description": "A full description of the Decision Point Value.",
-		    "minLength": 1,
-		    "examples": ["One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation.","Attackers can reliably automate steps 1-4 of the kill chain."]
+                    "minLength": 1,
+                    "examples": ["One of the following is true: (1) Typical public PoC exists in sources such as Metasploit or websites like ExploitDB; or (2) the vulnerability has a well-known method of exploitation.","Attackers can reliably automate steps 1-4 of the kill chain."]
                 }
             },
-	    "required" : [
-		"key",
-		"name",
-		"description"
-	    ]
-	},
-	"decision_point": {
-	    "type": "object",
-	    "additionalProperties": false,
-	    "properties": {
-		"schemaVersion": {
-		    "$ref": "#/$defs/schemaVersion"
-		},
-		"namespace": {
-		    "type": "string",
-		    "description": "Namespace (a short, unique string): The value must be one of the official namespaces, currenlty \"ssvc\", \"cvss\" OR can start with 'x_' for private namespaces. See SSVC Documentation for details.",
-		    "pattern": "^(?=.{3,25}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,22}$",
-		    "examples": ["ssvc", "cvss", "x_custom","x_custom/extension"]
-		},
-		"version": {
-		    "type": "string",
-		    "description": "Version (a semantic version string) that identifies the version of a Decision Point.",
-		    "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$",
-		    "examples": ["1.0.1", "1.0.1-alpha"]
-		},
-		"key": {
-		    "type": "string",
+            "required" : [
+                "key",
+                "name",
+                "description"
+            ]
+        },
+        "decision_point": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "schemaVersion": {
+                    "$ref": "#/$defs/schemaVersion"
+                },
+                "namespace": {
+                    "type": "string",
+                    "description": "Namespace (a short, unique string): The value must be one of the official namespaces, currenlty \"ssvc\", \"cvss\" OR can start with 'x_' for private namespaces. See SSVC Documentation for details.",
+                    "pattern": "^(?=.{3,100}$)(x_)?[a-z0-9]{3}([/.-]?[a-z0-9]+){0,97}$",
+                    "examples": ["ssvc", "cvss", "x_custom","x_custom/extension"]
+                },
+                "version": {
+                    "type": "string",
+                    "description": "Version (a semantic version string) that identifies the version of a Decision Point.",
+                    "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$",
+                    "examples": ["1.0.1", "1.0.1-alpha"]
+                },
+                "key": {
+                    "type": "string",
                     "description": "A short, unique string (or key) used as a shorthand identifier for a Decision Point.",
 
-		    "minLength": 1,
-		    "examples": ["E", "A"]
-		},
-		"name": {
-		    "type": "string",
+                    "minLength": 1,
+                    "examples": ["E", "A"]
+                },
+                "name": {
+                    "type": "string",
                     "description": "A short label that identifies a Decision Point.",
-		    "minLength": 1,
-		    "examples": ["Exploitation", "Automatable"]
-		},
-		"description": {
-		    "type": "string",
+                    "minLength": 1,
+                    "examples": ["Exploitation", "Automatable"]
+                },
+                "description": {
+                    "type": "string",
                     "description": "A full description of the Decision Point, explaining what it represents and how it is used in SSVC.",
-		    "minLength": 1
-		},
-		"values": {
-		    "description": "A set of possible answers for a given Decision Point",
-		    "uniqueItems": true,
-		    "type": "array",
-		    "minItems": 1,
-		    "items": {
-			"$ref": "#/$defs/decision_point_value"
-		    }
-		}
-	    },
-	    "required": [
-		"namespace",
-		"version",
-		"key",
-		"name",
-		"description",
-		"values",
-		"schemaVersion"
-	    ]
-	}
+                    "minLength": 1
+                },
+                "values": {
+                    "description": "A set of possible answers for a given Decision Point",
+                    "uniqueItems": true,
+                    "type": "array",
+                    "minItems": 1,
+                    "items": {
+                        "$ref": "#/$defs/decision_point_value"
+                    }
+                }
+            },
+            "required": [
+                "namespace",
+                "version",
+                "key",
+                "name",
+                "description",
+                "values",
+                "schemaVersion"
+            ]
+        }
     },
     "$ref": "#/$defs/decision_point"
 }
@@ -4,49 +4,49 @@
     "$id": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point_Group-1-0-1.schema.json",
     "description": "Decision Point Groups are sets of decision points pinned to specific versions of those decision points. These groups may change over time.",
     "$defs": {
-	"schemaVersion": {
+    "schemaVersion": {
             "description": "Schema version used to represent Decision Point Group.",
             "type": "string",
             "enum": ["1-0-1"]
         },
-	"decision_point_group": {
-	    "type": "object",
-	    "additionalProperties": false,
-	    "properties": {
-		"schemaVersion": {
+    "decision_point_group": {
+        "type": "object",
+        "additionalProperties": false,
+        "properties": {
+        "schemaVersion": {
                     "$ref": "#/$defs/schemaVersion"
                 },
-		"version": {
-		    "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json#/$defs/decision_point/properties/version"
-		},
-		"name": {
-		    "type": "string",
-		    "description": "A short label that captures the description of the Decision Point Group.",
-		    "minLength": 1,
-		    "examples": ["SSVC Supplier","Coordinator Triage", "SSVC Deployer"]
-		},
-		"description": {
-		    "type": "string",
-		    "description": "A full description of the Decision Point Group.",
-		    "minLength": 1,
-		    "examples": ["These decision points used by the Coordinator during publication."]
-		},
-		"decision_points": {
-		    "type": "array",
-		    "minItems": 1,
-		    "items": {
-			"$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json"
-		    }
-		}
-	    },
-	    "required": [
-		"version",
-		"name",
-		"description",
-		"decision_points",
-		"schemaVersion"
-	    ]
-	}
+        "version": {
+            "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json#/$defs/decision_point/properties/version"
+        },
+        "name": {
+            "type": "string",
+            "description": "A short label that captures the description of the Decision Point Group.",
+            "minLength": 1,
+            "examples": ["SSVC Supplier","Coordinator Triage", "SSVC Deployer"]
+        },
+        "description": {
+            "type": "string",
+            "description": "A full description of the Decision Point Group.",
+            "minLength": 1,
+            "examples": ["These decision points used by the Coordinator during publication."]
+        },
+        "decision_points": {
+            "type": "array",
+            "minItems": 1,
+            "items": {
+            "$ref": "https://certcc.github.io/SSVC/data/schema/v1/Decision_Point-1-0-1.schema.json"
+            }
+        }
+        },
+        "required": [
+        "version",
+        "name",
+        "description",
+        "decision_points",
+        "schemaVersion"
+        ]
+    }
     },
     "$ref": "#/$defs/decision_point_group"