mjherzog
commented
1 year ago There are currently some Aliases from bug tracking systems where the Alias value is just a number. We need to come up with some way to make these Aliases more comprehensible - probably defined at the time that we start collecting such data. Some examples for VCID-9hud-dkbs-aaap are:
- 1930423 for URL: https://bugzilla.redhat.com/show_bug.cgi?id=1930423
- 983664 for URL: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983664
For these it might make sense to use Aliases like bugzilla.redhat.com-1930423 and bugs.debian.org-983664.
A vulnerability alias is designed to be strong identifiers. We want to to document and validate what we can use as aliases, such as a CVE prefixed CVE id.