  1. Security Data
  2. SECDATA-497

Descriptions missing for some CVEs in RHEL OVAL files

    • Bug
    • Resolution: Done
    • Major
    • oval
    • Moderate

      I noticed that for the RHEL 7 OVAL file `rhel-7-extras-including-unpatched.oval.xml.bz2` (directory link) there seem to be descriptions missing for 1000+ CVEs even though there is a bit of context on the corresponding RHEL CVE page.

      For example, CVE-2016-2381 has description `<description></description>`, but the Red Hat CVE page has the description:

      ```
      The MITRE CVE dictionary describes this issue as:

      Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
      ```

      Is it possible to add some sort of description like this to the OVAL files so clients have some sort of context for a large number of CVEs?

            proguski@redhat.com Przemyslaw Roguski
            rhdsmnd Ron Desmond
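A check that a consumer of these files could run to list the affected entries, as an added example that is not part of the original report or of Red Hat's tooling: it streams an OVAL definitions file and returns the CVE ids whose `<description>` is absent, empty or whitespace-only. The sample document, the definition ids and the `CVE-0000-…` ids are constructed placeholders, and the function names are hypothetical.

```python
import bz2
import io
import xml.etree.ElementTree as ET

NS = "http://oval.mitre.org/XMLSchema/oval-definitions-5"
Q = {"o": NS}

# Constructed sample: only the metadata fields this check reads. The second
# and third entries use placeholder CVE ids, not real ones.
SAMPLE = b"""<oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
 <definitions>
  <definition class="vulnerability" id="oval:example.constructed:def:1" version="1">
   <metadata><title>constructed</title>
    <reference ref_id="CVE-2016-2381" source="CVE"/>
    <description></description></metadata>
  </definition>
  <definition class="vulnerability" id="oval:example.constructed:def:2" version="1">
   <metadata><title>constructed</title>
    <reference ref_id="CVE-0000-0001" source="CVE"/>
    <description>Constructed description text.</description></metadata>
  </definition>
  <definition class="vulnerability" id="oval:example.constructed:def:3" version="1">
   <metadata><title>constructed</title>
    <reference ref_id="CVE-0000-0002" source="CVE"/></metadata>
  </definition>
 </definitions>
</oval_definitions>"""


def missing_descriptions(stream):
    """Return sorted CVE ids whose <description> is absent, empty or blank."""
    missing = set()
    for _, elem in ET.iterparse(stream, events=("end",)):
        if elem.tag != f"{{{NS}}}definition":
            continue
        desc = elem.find("o:metadata/o:description", Q)
        if desc is None or not (desc.text or "").strip():
            refs = elem.findall("o:metadata/o:reference[@source='CVE']", Q)
            # Fall back to the definition id when no CVE reference is present.
            missing.update([r.get("ref_id") for r in refs] or [elem.get("id")])
        elem.clear()  # release the parsed subtree; real OVAL files are large
    return sorted(missing)


def scan_file(path):
    """Scan a bz2-compressed OVAL file such as the one named in the report."""
    with bz2.open(path, "rb") as fh:
        return missing_descriptions(fh)
```

Running `scan_file` against each newly published file and alerting when the returned list grows would show when descriptions go missing again.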