Clarify the inclusion of open-source projects for the value vendor in 3.2.1.8.1 Document Property - Publisher - Category

[sonnyvanlingen]

Section 3.2.1.8.1 Document Property - Publisher - Category documents that:

the value vendor indicates developers or maintainers of information system products or services. This includes all authoritative product vendors, Product Security Incident Response Teams (PSIRTs), and product resellers and distributors, including authoritative vendor partners.

For usability reasons, I suggest that in this definition we clarify that this definition also includes open source software providers, also aligning better with the definition in 1.2 Terminology.

[tschmidtb51]

@sonnyvanlingen Please provide a text suggestion that we can discuss in the next TC meeting. Thanks!

[sonnyvanlingen]

Here goes. Just for clarity:

the value vendor indicates developers or maintainers of information system products or services. This includes all authoritative product vendors, Product Security Incident Response Teams (PSIRTs), open source software providers, and product resellers and distributors, including authoritative vendor partners.