In a future (the future is now) with "many" ADPs, conveying the type of ADP is probably useful. With the expectation that we'll discuss and test this, I'll prpose a new bit of schema:
.containers.adp[].x_adpType
Values would be a managed enumeration. For the SADP pilot, everyone should use the value 'supplier'.
Proposed definitions:
supplier: The ADP is the Supplier of the Products identified in the ADP container.
enrichment: The ADP adds information to the CVE Record. The information may be constrained by the ADP's scope.
If this is adopted, the CISA Vulnrichment ADP would set "x_adpType": "enrichment". Also this would become a proper schema addition, i.e., adpType.
$ curl -s https://cveawg-adp-test.mitre.org/api/cve/CVE-2025-51591 | jq -r .containers.adp[1].x_adpType
supplier
In a future (the future is now) with "many" ADPs, conveying the type of ADP is probably useful. With the expectation that we'll discuss and test this, I'll prpose a new bit of schema:
.containers.adp[].x_adpTypeValues would be a managed enumeration. For the SADP pilot, everyone should use the value 'supplier'.
Proposed definitions:
supplier: The ADP is the Supplier of the Products identified in the ADP container.
enrichment: The ADP adds information to the CVE Record. The information may be constrained by the ADP's scope.
If this is adopted, the CISA Vulnrichment ADP would set
"x_adpType": "enrichment". Also this would become a proper schema addition, i.e.,adpType.