intel / cve-bin-tool

The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 200 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of known vulnerabilities associated with an SBOM or a list of components and versions.
https://cve-bin-tool.readthedocs.io/en/latest/
GNU General Public License v3.0

Hacktoberfest brainstorming #3221

Closed terriko closed 5 months ago

terriko commented 1 year ago

Just putting this out here early: I'm going to be looking for bugs for hacktoberfest, either ones that already exist, or ways to generate hacktoberfest-friendly issues. In previous years we've used this as a way to upgrade our type checking practices by fixing mypy errors, but I think we're down to only the mypy issues that are more complicated to solve, so I don't expect to be using those this year. An ideal hacktoberfest bug to me is one that (a) is well-defined, (b) is relatively short (maybe 5-10 lines of fix), and (c) doesn't require deep knowledge of our architecture and data structure (i.e. can be handled by a casual drop-in). Most people are generally looking to get some easy commits in so they can get a t-shirt/prize, and a few people will be willing to tackle larger bugs too.

Some ideas for this year from our meeting today:

(I think there were more suggestions but apparently I should have been taking notes...)

Anyhow, if you've got an idea of simpler code quality and refactoring jobs, or you notice an "easy" bug that I could flag for hacktoberfest, mention it here!

Rexbeast2 commented 1 year ago

Another idea I got is to add a little bit of documentation about cvss-2, cvss-3, and cvss-4 (probably released during hacktoberfest) and their differences. I don't think we currently have those. And we might not need a large section; just a small paragraph or like a brief overview of how they are different would be nice.

terriko commented 1 year ago

@Rexbeast2 that's a great one. Even if it's just a sentence and a few links I think it would be helpful.

Rexbeast2 commented 1 year ago

@terriko, another issue about documentation: the architecture of the database, which is given in the database, is old. It doesn't include the metric table and cve metric table. Ofc it's not expected for new users to know it. I could update the image, and they would have to describe the database and its relation.

terriko commented 1 year ago

@Rexbeast2 I like this one too. If you've got some time to generate those new images, that would be very helpful!

Rexbeast2 commented 1 year ago

Yeah sure, I will update the image.

terriko commented 5 months ago

Closing this as hacktoberfest is long over for 2023! (but we'll likely open a new one before hacktoberfest 2024)