mirror of
https://github.com/adulau/foo.be.git
synced 2024-12-25 18:06:00 +00:00
References added
This commit is contained in:
parent
6724f64b6d
commit
ca4bbeeb28
1 changed files with 9 additions and 0 deletions
|
@ -61,4 +61,13 @@ Linux distributions (like Debian or Ubuntu) should introduce the possibility to
|
|||
|
||||
CPE references in vulnerable_configuration (in CVEs) tend to include the vulnerable operating system but not the vulnerable software itself. cpe:/a: is not always defined and only the vulnerable operating systems are mentioned. There are many potential improvements but the CPE management could be slightly improved with a collaborative approach to add or updates CPE entries.
|
||||
|
||||
Maybe software vendors (including free software authors and proprietary vendors) should include a list of CPE describing the software included in their distributions, appliance, IoT, mobile phone... to support the work of people and organization who try to do vulnerability management.
|
||||
|
||||
## References
|
||||
|
||||
- [cve-search project](https://github.com/cve-search/)
|
||||
- [Debian Popularity Contest](http://popcon.debian.org/)
|
||||
- [Add Common Platform Enumerator information to package meta information](https://wiki.debian.org/CPEtagPackagesDep) - time to restart this proposal...
|
||||
|
||||
|
||||
[^1]: CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. [https://nvd.nist.gov/cpe.cfm](https://nvd.nist.gov/cpe.cfm)
|
||||
|
|
Loading…
Reference in a new issue