CWE-CAPEC / hw-cwe-sig

GitHub Repository for the HW CWE SIG

[WORKING ITEM] Sources for Hardware Vulnerability Reports #109

Open BobH-MITRE opened 9 months ago

ibojanova commented 8 months ago

The "GitHub Advisory Database" could be helpful. It is a "security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software." Vulnerabilities can be searched via associated CWEs. If "github" is added to the search query, the results are filtered to show only those for which code is available and commits can be found to see the changes done to fix the vulnerability.

The following, for example, is the list of vulnerabilities related to CWE-203 (Observable Discrepancy) for which code is available: https://github.com/advisories?query=cwe%3A203+github

BobH-MITRE commented 8 months ago

This one came from Peter Mell's presentation, "Your Hardware has Bugs - Comparing the Hardware and Software Vulnerability Management Infrastructures"

https://trust-hub.org/#/vulnerability-db/soc-vulnerabilities