ossf / oss-compromises

Archive of various open source security compromises

Is this really a database of compromises / vulnerabilities? #5

Closed david-a-wheeler closed 2 years ago

david-a-wheeler commented 2 years ago

Is this really a database of compromises? Or a database of externally-maintained fixes for publicly known vulnerabilities (intentional or not) that have not been repaired upstream? If it's really the latter, the name and description should match.

jspeed-meyers commented 2 years ago

My intention (and I think that of those cc'ed, but they can chime in) is for it to be the first: a database of compromises.

cc @piergiorgioladisa, @lumjjb, @inferno-chromium, @bureado

inferno-chromium commented 2 years ago

Yes, database of compromises over time and classifying them into attack classes.

jspeed-meyers commented 2 years ago

Closing unless David (or anyone else!) has a related question. If so, feel free to re-open.

david-a-wheeler commented 2 years ago

No need to re-open, you clearly answered the question. Thank you so much!