trustification / trustify-ui

Trustify UI component.

Advisories list is confusing #87

Open ctron opened 2 months ago

ctron commented 2 months ago

The Vulnerabilities -> Advisories (Tab) feels confusing:

I see two advisories with the same ID as the vulnerability, with different information.

Now I do know exactly why it has the same ID and different information. However, we should explain that situation to the user.

One way to deal with this could be to show the "source" of that information. We could e.g. add two badges: a type, and a source. Like type=cve, and type=csaf, source=redhat.com.

carlosthe19916 commented 1 month ago

Sounds like a good idea. We just don't have type or source fields on each Vulnerability yet. But once they are available, that would be useful, I agree.

gildub commented 1 month ago

@ctron, could you please detail why several vulnerabilities with the same ID exist?

ctron commented 1 month ago

The ID isn't a system-generated ID, but a piece of information provided by a user (document provider). Naming an advisory after the CVE it describes seems to be a common pattern.