Open ctron opened 2 months ago
Sounds like a good idea. We just don't have `type` nor `source` fields on each Vulnerability yet. But once they are available, that would be useful, I agree.
@ctron, could you please detail why several vulnerabilities with the same ID exist?
The ID isn't a system-generated ID, but a piece of information provided by a user (the document provider). Naming an advisory after the CVE it describes seems to be a common pattern.
The Vulnerabilities -> Advisories (Tab) feels confusing:
I see two advisories, with the same ID as the vulnerability. With different information.
Now I do know exactly why it has the same ID and different information. However, we should explain that situation to the user.
One way to deal with this could be to show the "source" of that information. We could e.g. add two badges: a type, and a source. Like `type=cve`, and `type=csaf, source=redhat.com`.