A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
From a chat with @mjherzog:
In some cases we are returning too many references (reference URLs). For popular vulnerabilities the volume of data can be overwhelming.
Eventually we need to qualify, sort and triage these references so that users can focus on the higher-value ones. For example, GitHub commit or pull request references should be very helpful if you are trying to analyze the impact of a vulnerability on your code, whereas references to discussion threads may be tangential.
It could also mean moving some references to packages or to the package-advisory intersection, and creating dedicated models for some reference data types.
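As an added illustration of the triage idea (example code, not VulnerableCode's own): classify each reference URL by type from its host and path, then sort so that fix commits and pull requests come before advisories, issues and discussion threads. The URL patterns, rank table and sample URLs below are assumptions constructed for this example.

```python
import re
from urllib.parse import urlparse

# Constructed sample of reference URLs as might be returned for one vulnerability
# (illustrative placeholders only, not real advisory data).
SAMPLE_REFERENCES = [
    "https://github.com/example/project/commit/0123456789abcdef0123456789abcdef01234567",
    "https://github.com/example/project/pull/42",
    "https://github.com/example/project/issues/40",
    "https://lists.example.org/pipermail/oss-discussion/2020-January/000123.html",
    "https://nvd.nist.gov/vuln/detail/CVE-PLACEHOLDER",
    "https://example.com/blog/post-about-the-bug",
]

# Lower rank sorts first: references that directly help impact analysis on your
# own code (fix commits, pull requests, advisories) rank ahead of discussion.
# These ranks are an assumption for the example, not a VulnerableCode policy.
RANKS = {"commit": 0, "pull_request": 1, "advisory": 2,
         "issue": 3, "mailing_list": 4, "other": 9}


def classify_reference(url):
    """Return a coarse reference type derived from the URL's host and path."""
    parsed = urlparse(url)
    host, path = parsed.netloc.lower(), parsed.path
    if host == "github.com":
        if re.search(r"/commit/[0-9a-f]{7,40}$", path):
            return "commit"
        if re.search(r"/pull/\d+$", path):
            return "pull_request"
        if re.search(r"/issues/\d+$", path):
            return "issue"
    if host == "nvd.nist.gov" and path.startswith("/vuln/detail/"):
        return "advisory"
    if host.startswith("lists.") or "/pipermail/" in path:
        return "mailing_list"
    return "other"


def triage_references(urls):
    """Return (rank, type, url) tuples sorted so higher-value references come first."""
    ranked = []
    for url in urls:
        kind = classify_reference(url)
        ranked.append((RANKS[kind], kind, url))
    return sorted(ranked)
```

A consumer that only wants the most actionable references can then cut the sorted list at a rank threshold instead of wading through every URL.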