search

PidgeyL / cve-search

cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs.
http://adulau.github.com/cve-search/
Other
24 stars 4 forks source link

vFeed has gone commercial... #127

Open lvets opened 8 years ago

lvets commented 8 years ago

Hello,

It seems that vFeed has gone commercial: http://www.vfeed.io. There's still a community feed, but you have to register.

I now get the following error when updating cve-search:

...
Starting vfeed
Cannot open url http://www.toolswatch.org/vfeed/vfeed.db.tgz. Bad URL or not connected to the internet?
vfeed has 79987 elements (0 update)
...
PidgeyL commented 8 years ago

@toolswatch What would be the preferred approach for CVE-Search?

toolswatch commented 8 years ago

Hi, In fact, there are 3 different plans. Since CVE-search is not commercial and public, it falls under the Community Plan (see here http://www.vfeed.io/pricing/) . So, you can still register and download it. Once there is a new available db release, you will get notified via email with a direct link to the download. The only hassle (as for now) is that you have to decompress the DB yourself.

PidgeyL commented 8 years ago

Decompressing is not an issue. It's more the question of, "does every user of CVE-Search need an account, or do we make one generic account?"

toolswatch commented 8 years ago

Every user must open an account. Every usage of the database is tied to an account. This model will be enhanced later to become API Key. I need as well to control those who are using and embedding the database within their commercial software (and i got tons of them. Making money on my back !!).

PidgeyL commented 8 years ago

@adulau I assume we should change vFeed to a plug-in as well then, so that users that don't want to create an account, don't have to?