clarify multiple English descriptions behavior for CVE Records?

[ElectricNroff]

I think there are realistic cases of multiple English descriptions that won't have everyone's expected behavior within CVE Services. This is not about corner cases such as en-GB-oed (supposed to be allowed but isn't); it's about usage patterns that will probably come up for some CNAs.

https://github.com/CVEProject/cve-services/blob/7397f13b420293754f992132dbd9495117556579/src/controller/cve.controller/cve.middleware.js#L55-L61
checks for en as the value of lang.

If more than one is found, an API request will fail in certain cases, e.g.,
https://github.com/CVEProject/cve-services/blob/7397f13b420293754f992132dbd9495117556579/src/controller/cve.controller/index.js#L55-L62

For CVE Services testing, is it important that both of these also fail?

{
  "lang": "en-US",
  "value": "This is my first English description."
},
{
  "lang": "en-US",
  "value": "This is my second English description."
}

{
  "lang": "EN",
  "value": "This is my first English description."
},
{
  "lang": "EN",
  "value": "This is my second English description."
}

Is it OK for a CNA to customize descriptions to reflect differences in product behavior across different English language editions, e.g.,

{
  "lang": "en-US",
  "value": "ABC 1.2 has incorrect permissions for the administrative directory (C:\AdminCenter by default)."
},
{
  "lang": "en-GB",
  "value": "ABC 1.2 has incorrect permissions for the administrative directory (C:\AdminCentre by default)."
}

?