nix-security-tracker icon indicating copy to clipboard operation
nix-security-tracker copied to clipboard

Published 20 hours ago verified publisher icon Nix-Security-WG

Deduplicate CVEs

Open fricklerhandwerk opened this issue 5 months ago • 0 comments

In our ingested data, many CVE numbers appear multiple times since they seem to come from different sources.

As a security team member, I want to only have to deal with unique CVEs.

For example, stage the ingested data before presenting it for triage, and deduplicate it automatically as far as possible:

  • Some of the data is redundant but not identical, e.g. differing only in capitalisation; pick one variant consistently
  • Some data fields are filled in one variant but not the other; merge
  • Some data fields conflict; present for manual resolution

fricklerhandwerk avatar Sep 26 '24 16:09 fricklerhandwerk