aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
https://public.vulnerablecode.io
Apache License 2.0

Add support for hackerone reports #88

Open pombredanne opened 4 years ago

pombredanne commented 4 years ago

See https://hackerone.com/reports/274267 for example

pombredanne commented 4 years ago

In ossf/wg-vulnerability-disclosures#18 there is this data sheet linked: https://docs.google.com/spreadsheets/d/1yr72lUOGOwUMbpVg9g-ET8L531_Yec0oqFbr88Gs8tQ/edit?usp=sharing

It basically tells how long it takes for a vulnerability made public on HackerOne to be registered at the NVD and receive a proper CVE, e.g. "Days CVE Disclosed after H1 Disclosed".