Comments (6)

stof commented on May 28, 2024

CVE is already a first-class citizen in the advisory format.

Regarding tags, I'm not sure we need them here (and even more if they are about mixing info about the kind of vulnerability and the community in which they happen).
Tagging vulnerability types might be useful.

from security-advisories.

xabbuh commented on May 28, 2024

I agree with @stof. Tagging the affected community IMO doesn't make much sense. If you are not part of that community, you shouldn't have that package installed at all in the first place. However, being able to see what kind of vulnerability has been fixed might indeed be valuable information.

andrewhowdencom commented on May 28, 2024

That seems reasonable.

The initial problem I was trying to solve was to group vulnerabilities together so that someone who doesn't use Composer in their projects (Magento 1.x, for example, doesn't support it natively) could still track the list of vulns that affect their stack. Is there another schema that you would recommend for this?

I'm undecided how I feel about a schema specific to vuln types; a new, limited schema must have a greater justification than a schema less limited in scope. I would currently argue that as it is not a problem I'm currently having, vuln types should not be part of the spec.

I tend to treat vulns as a boolean "should fix", rather than assessing the type.

stof commented on May 28, 2024

@andrewhowdencom a generic tag system is not useful for tooling built on top of this advisory database, as the tools could not know what these tags are meant to represent.

andrewhowdencom commented on May 28, 2024

The tooling doesn't need to be clever necessarily; just provide a means of grouping vulnerabilities in a way that means they're easy to browse. At the moment, there is no way to do this - as a Magento (or Drupal or WordPress or whatever)

I'm quite happy to find another way to do this -- I just can't think of one without extending the schema in some way.

andrewhowdencom commented on May 28, 2024

I'm going to close this, as it doesn't seem like something that can be resolved at the moment.