Open cookiengineer opened 2 years ago
@stevespringett Is there a formal procedure on how to request a feature proposal other than here?
Related to #119
Is there a formal procedure on how to request a feature proposal other than here?
You're in the right place. Proposed changes go through the formalized standardization process. https://cyclonedx.org/about/standardization-process/
With the release of CDX schema 1.5, new elements and properties were added to vulnerabilities, such as proofOfConcept, which can hold information on what and how to exploit a system.
In the age of Docker, Kubernetes and other solutions that allow virtualizations, these solutions often come with preinstalled software, libraries and more importantly - preconfigured user accounts with default passwords.
I think what's missing from the Bill of Vulnerabilities use case are the following things:
postgres? mysql user? service running as root?)
/usr/bin/nologin?)
/etc/shadow (DES? MD5? MD6? SHA1?)
mysql:mysql, postgres:postgres, remember the MongoDB hack?)
haveibeenpwned, Breach Compilation, Collection #1 etc)