David "Pip" Pippenger

icon indicating a website link http://cisco.com icon indicating an email [email protected]

icon company Cisco icon location Pasadena, CA

Results 2 comments of David "Pip" Pippenger

Need CVE auto-linking disambiguation to CVEs that belong to more than 1 project

The github advisory database seems to be enforcing a 1:1 mapping of CVE ID to software project, see here https://github.com/github/advisory-database/pull/2868 The problem this creates is the NVD doesn't have this...

Latest release v0.13.0 has CVE-2020-14040 (score 7.5) from dependency golang.org/x/text v0.3.1

I would ask you reconsider your position. Having defects that are resolvable by upgrading components is generally good security practice. By rejecting these results simply because we can't figure out...