Add a formal semver 2.0.0 version type

schema/docs/versions.md

@@ -288,6 +288,78 @@ Now that we know how to encode version objects, that would be written as:
 		}
 	]
 
+### Version Types
+
+#### Semantic versioning 2.0.0
+
+Type identifier: `semver-2.0.0`
+Formally specified here at https://semver.org/spec/v2.0.0.html
+`semver-2.0.0` is new type introduced to formally specify usage of semantic versioning. 
+
+`semver-2.0.0` in its simplest form is a dot separated triple. eg `1.2.3`. The three parts have names with the first being the `MAJOR`, the second being `MINOR` and the third `PATCH`. The [Semantic](https://en.wikipedia.org/wiki/Semantics) meaning of each is described as 
+1. MAJOR version when you make incompatible API changes
+2. MINOR version when you add functionality in a backward compatible manner
+3. PATCH version when you make backward compatible bug fixes
+This triple can be extended with either a `-` or a `+` or with both for `pre-release` and `build` identifiers.
+The triple can only be populated with non-negative integers and must not contain leading zeros. 
+Ordering of the triple is determined by the first difference when comparing each of these identifiers from left to right as follows: Major, minor, and patch versions are always compared numerically.
+Full ordering for pre-releases and builds are described in the semver document [here](https://semver.org/spec/v2.0.0.html#spec-item-11).
+While the triple can only contain numeric values the `pre-release` and `build` are free to be alpha numeric. 
+A complete definition of this version type can be viewed here
+https://semver.org/spec/v2.0.0.html#backusnaur-form-grammar-for-valid-semver-versions
+
+In the interest of simplicity the `semver-2.0.0` version type has two parameters which define a continuous range. `lowerBound` and `upperBound` each must be a valid semver triple with optional pre-release/build extensions.
+
+##### Example
+
+```
+"affected": [
+        {
+          "vendor": "Example.org",
+          "product": "Example Enterprise",
+          "versions": [
+            {
+              "versionType": "semver-2.0.0",
+              "status": "affected",
+              "inclusiveLowerBound": "1.2.3-alpha",
+              "exclusiveUpperBound": "2.3.4+build17"
+            }
+            {
+              "versionType": "semver-2.0.0",
+              "status": "unaffected",
+              "exclusiveLowerBound": "3.4.5-beta",
+              "inclusiveUpperBound": "4.5.6+assembly88"
+            }
+            {
+              "versionType": "semver-2.0.0",
+              "status": "affected",
+              "exactly": "5.6.7-gamma",
+            }
+            {
+              "versionType": "semver-2.0.0",
+              "status": "affected",
+              "exactly": "6.7.8-delta",
+            }
+            {
+              "versionType": "semver-2.0.0",
+              "status": "affected",
+              "exclusiveUpperBound": "1.0.0",
+            }
+            {
+              "versionType": "semver-2.0.0",
+              "status": "unknown",
+              "inclusiveLowerBound": "9.0.0",
+            }
+          ],
+        }
+      ],
+```
+
+#### Explainer
+
+A `semver-2.0.0` version is expressed as either a range or as a single exact version. Chaining multiple `semver-2.0.0` versions can be done to express more complex ranges. A `semver-2.0.0` range must begin with a lower bound which is followed by an upper bound. Each bound may be either inclusive or exclusive. These terms map as `exclusiveUpperBound` to `<`, `inclusiveUpperBound` to `<=`, `exclusiveLowerBound` to `>`, `inclusiveLowerBound` to `>=` and `exactly` to `=`. Thus the first example above could be rewritten as `>= 1.2.3-alpha, < 2.3.4+build17`.
+
+
 ## Version Status Changes
 
 As presented in the previous section,