CycloneDX / specification

OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
https://cyclonedx.org/
Apache License 2.0

Feature Proposal: Make it possible to communicate vulnerable user accounts, insecure passwords and hashing algorithms #157

Open cookiengineer opened 2 years ago

cookiengineer commented 2 years ago

In the age of Docker, Kubernetes and other solutions that allow virtualization, these solutions often come with preinstalled software, libraries and, more importantly, preconfigured user accounts with default passwords.

I think what's missing from the Bill of Vulnerabilities use case are the following things:

cookiengineer commented 2 years ago

@stevespringett Is there a formal procedure on how to request a feature proposal other than here?

stevespringett commented 2 years ago

Related to #119

stevespringett commented 2 years ago

Is there a formal procedure on how to request a feature proposal other than here?

You're in the right place. Proposed changes go through the formalized standardization process. https://cyclonedx.org/about/standardization-process/

jkowalleck commented 1 year ago

With the release of CDX schema 1.5, new elements and properties were added to vulnerabilities, such as proofOfConcept, which can hold information on what and how to exploit a system.
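As an added example (not from this thread or the CycloneDX project), here is how the default-account finding raised above could be recorded as a CycloneDX 1.5 vulnerability entry using the proofOfConcept element. The component, identifier, values and steps are constructed; the field names other than proofOfConcept (reproductionSteps, environment, workaround, analysis) are assumed to match the 1.5 vulnerability schema.

```json
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "components": [
    {
      "type": "container",
      "bom-ref": "example-image",
      "name": "example/app-base",
      "version": "1.0.0"
    }
  ],
  "vulnerabilities": [
    {
      "id": "EXAMPLE-DEFAULT-ACCOUNT-0001",
      "source": { "name": "internal audit (constructed example)" },
      "description": "Image ships a preconfigured 'admin' account with a documented default password, stored as an unsalted MD5 hash.",
      "cwes": [1392, 916],
      "ratings": [
        { "severity": "high", "method": "other" }
      ],
      "recommendation": "Remove the default account from the image or force a password change on first start; rehash stored passwords with a salted, slow algorithm.",
      "workaround": "Change the 'admin' password before exposing the service to any network.",
      "proofOfConcept": {
        "reproductionSteps": "Start the unmodified image and authenticate as 'admin' with the password given in the image documentation.",
        "environment": "Default configuration, no hardening applied."
      },
      "analysis": {
        "state": "exploitable",
        "response": ["update", "workaround_available"],
        "detail": "Affects every deployment that has not rotated the default credentials."
      },
      "affects": [
        { "ref": "example-image" }
      ]
    }
  ]
}
```

A consumer can act on this entry without the proposed account-specific elements: the analysis.state and affects.ref tell a scanner which deployments to flag, while recommendation and workaround carry the mitigation.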