CVEProject / Ideas


Add an RSS feed of new and updated CVE Records #7

Open rroberge opened 1 year ago

rroberge commented 1 year ago

Description

Feature: RSS Feeds for new and updated CVEs as they are published to CVE.org

Audience: General Public

Additional Details

While CVEs are available in bulk downloads, and there is an API for pulling CVEs on a per-CVE basis, a push mechanism for publishing CVEs in a way that is consumable by downstream users and automated processes alike would find great utility among various IT defenders, CVE-watchers, and the general public.

RSS is just such a mechanism, and is well-understood in web development circles (see https://rss.com/blog/how-to-create-an-rss-feed/ for a beginner definition of RSS).

CVE entries are already well-formed data packets, and could easily be RSS-ified either as part of the publishing process at cve.org, or batched in regular updates (many RSS feeds poll for changes every few minutes in order to avoid updating for rapidly changing publications).

For an idea of what such an RSS might look like, see https://vuldb.com/?rss.recent. Another approach is documented at https://infosec.exchange/@cve.

As the examples show, other downstream providers of RSS feeds exist, but I feel like CVE.org should provide this push service directly as the first source of truth for CVE publications. Also, CVE.org has direct access to all the data and already has a publishing pipeline; it should be pretty straightforward to hook an RSS feed into that process.

Individual RSS items should reflect what's published on the CVE.org website today; the full JSON object should be provided, along with selected individual elements like title, publish and update dates, description, vendor, product, etc.

I would expect consumable RSS feeds like:

- https://www.cve.org/cves.rss : Updates with NEW and CHANGED CVEs; this would be useful for most applications that track CVE IDs in general.
- https://www.cve.org/new-cves.rss : Updates live with NEW CVEs; this would be useful for those applications that only care about new CVE IDs as they are published.
- https://www.cve.org/updated-cves.rss : Updates live with CHANGED CVEs; this would be useful for those applications that only care about CVEs when they change, such as an added reference or a revised description.
- https://www.cve.org/rejected-cves.rss : Updates live with only CVEs that change STATE from published to rejected.

philCryoport commented 10 months ago

Yes please! An RSS feed that reports HIGH and CRITICAL CVEs would help me tremendously keep tabs on what software I need to update on my computer -- and on our servers. Thank you for approving this!

zmanion commented 2 weeks ago

@philCryoport distinguishing severity, priority, or risk is probably more than CVE can do consistently. For instance, a "CVSS 3.1 base score CRITICAL and HIGH" feed would not include vulnerabilities missing CVSS scores. With just a "recent" feed though it's pretty straightforward to get the CVSS information, if it exists.
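The consumer-side filtering discussed in the comment above, as an added example that is not part of this thread or any CVE Program code: given CVE JSON 5.x records as a "recent" feed might carry them, it selects HIGH and CRITICAL records and keeps published records without any CVSS in a separate bucket rather than dropping them. The function names, the feed delivering full records, and the sample records with their `CVE-0000-…` IDs are assumptions constructed for illustration.

```python
# Added example. CVE IDs and records below are constructed and trimmed to the
# fields used; key names follow the CVE JSON 5.x record format.
SEVERITY_KEYS = ("cvssV4_0", "cvssV3_1", "cvssV3_0")  # metric objects with baseSeverity
RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def severities(record):
    """Collect every baseSeverity from the CNA and ADP containers of a record."""
    containers = record.get("containers", {})
    found = []
    for container in [containers.get("cna", {})] + containers.get("adp", []):
        for metric in container.get("metrics", []):
            for key in SEVERITY_KEYS:
                sev = str(metric.get(key, {}).get("baseSeverity", "")).upper()
                if sev in RANK:
                    found.append(sev)
    return found

def triage(records, threshold="HIGH"):
    """Return (ids at or above threshold, ids published without any CVSS)."""
    urgent, unscored = [], []
    for rec in records:
        meta = rec.get("cveMetadata", {})
        if meta.get("state") != "PUBLISHED":
            continue  # only published records are triaged here
        sevs = severities(rec)
        if not sevs:
            unscored.append(meta.get("cveId"))  # a severity-only feed would hide these
        elif max(RANK[s] for s in sevs) >= RANK[threshold]:
            urgent.append(meta.get("cveId"))
    return urgent, unscored

def make_record(cve_id, state="PUBLISHED", cna=None, adp=None):
    """Build a constructed, minimal record for the sample below."""
    return {"cveMetadata": {"cveId": cve_id, "state": state},
            "containers": {"cna": {"metrics": cna or []},
                           "adp": [{"metrics": adp}] if adp else []}}

SAMPLE = [
    make_record("CVE-0000-0001", cna=[{"cvssV3_1": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]),
    make_record("CVE-0000-0002"),  # published with no CVSS at all
    make_record("CVE-0000-0003", cna=[{"cvssV3_1": {"baseScore": 5.3, "baseSeverity": "MEDIUM"}}],
                adp=[{"cvssV3_1": {"baseScore": 7.5, "baseSeverity": "HIGH"}}]),
    make_record("CVE-0000-0004", cna=[{"cvssV3_1": {"baseScore": 3.1, "baseSeverity": "LOW"}}]),
    make_record("CVE-0000-0005", state="REJECTED"),
]

if __name__ == "__main__":
    urgent, unscored = triage(SAMPLE)
    print("HIGH/CRITICAL:", urgent)
    print("No CVSS, review manually:", unscored)
```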

zmanion commented 2 weeks ago

@rbrittonMitre and @rroberge should this be moved to the website or services repository as a feature add?