Dennis Clark

The KEV catalog entries are identified by a CVE value; however, the additional data provided in the KEV entries are probably best directly associated with a VCID in VulnerableCode, so...

Suggested appearance in the VCIO UI: I think the new fields would be best placed, only if there are any values obtained by an Improver from the KEV, on the...

We of course need an Improver to gather the KEV entries. Note that the dateAdded field is required in the KEV catalog, so that is probably the best way to...

@TG1999 @pombredanne I think we are ready to assign this one to a developer.

See discussion document at https://docs.google.com/document/d/1XtMmxthmANhr-IqXsyMgFnrOq5fTGfsE/edit?usp=sharing&ouid=117241222429542576816&rtpof=true&sd=true See work-in-progress normalized model spreadsheet at https://docs.google.com/spreadsheets/d/1J2t2T_s015pnAouy5ss-AA0SI4e2xjT4uICjlL_Aa38/edit?usp=sharing

The proposed normalized Exploits model spreadsheet at https://docs.google.com/spreadsheets/d/1J2t2T_s015pnAouy5ss-AA0SI4e2xjT4uICjlL_Aa38/edit?usp=sharing is ready for review.

The proposed normalized Exploits model spreadsheet at https://docs.google.com/spreadsheets/d/1J2t2T_s015pnAouy5ss-AA0SI4e2xjT4uICjlL_Aa38/edit?usp=sharing has been reviewed and ready for implementation.

we might also add a negative element: element: number_of_misleading_matches_reported description: the number of matches (snippet or whole file) that are not quite accurate or do not add meaningful value.

@pombredanne @ziadhany I do not understand the value of collecting exploits from exploitdb in the context of VulnerableCode. I don't see any PURLs or other identifiers in that database (perhaps...

@ziadhany Thanks for the clarification -- very helpful.