-
According to section "3.2.3.13 Vulnerabilities Property - Scores" is `products` a mandatory property of the scores section of a vulnerability.
We notice however that (for instance) the NVD often publ…
-
As per the new CNA rules https://www.cve.org/Resources/Roles/Cnas/CNA_Rules_v4.0.pdf (effective August 8, 2024),
_4.2.3 CNAs MUST NOT consider the type of technology (e.g., cloud, on-premises, artifi…
-
Quick remarks
* The docker build failed for me .. had invested no time to debug it further,
* The manual build fails, too. I had to patch `build.gradle` o make it work.
```
diff --git a/build…
-
During implementation of https://github.com/csaf-poc/csaf_distribution/, especially the checker, aggregator and downloader part, our team at Intevation found that CSAF standard and tool implementors c…
-
# 🐛 Summary #
At least 7 files has the wrong hash proof.
## To reproduce ##
1. run `git pull`
2. compute sha512 on each ICSA and ICSMA
3. compare each with content of `.sha512`
## Expect…
-
This may go hand-in-hand with #200 . The request is to add a link to the machine readable and human readable advisories of a company. For example:
```
# Our Security Advisories
Advisories: https://…
-
I suggest to add automated tests into the Github repository using Github actions. Triggered by pushed commits into the repository, the tests would automatically be executed and show the result on the …
tolim updated
3 years ago
-
- https://repo.openeuler.org/security/data/cvrf/ (a cross-reference of CVE exist) - CVRF parser exists but it's indeed XML ;-)
-
Sometimes the web interface shows, after calling `https://example.com/cgi-bin/csaf_provider.go, the following message:
# CSAF-Provider - Directory structure created
Everything is setup fine now.…
-
> * CSAF producers **SHOULD NOT emit messages that contain HTML**, even though all variants of Markdown permit it. To include HTML, source code, or any other content that may be interpreted or execute…