kerberosmansour
Sounds good, I trust your judgement. Should we reach out to the PURL team and work with them to provide ranges + wildcard for consideration later?
Hi @pombredanne. Thinking about the versioning range a bit more, I like the entirely package type-specific approach. Here are my thoughts on the subject. The problems that are attempted to...
Yeah... If you look at the CPE match string conditions they also include exceptions - it would be nice if we had that as well.
> CPE supports version ranges. SWID, to my knowledge, does not.
>
> Package-URL does not currently support version ranges, but it's not a crazy thing to ask for.
>...
Is anyone planning to reach out to the CVE community to validate if they are prepared for that influx of data?
@stevespringett @david-a-wheeler was there ever a consensus on a way forward for this? I do feel it is going in a general direction, is that correct? Is it something...
Yeah there is overlap because [SCAP](https://datatracker.ietf.org/wg/sacm/charter/) is (predominantly) used for checking systems for insecure configuration (but because it uses OVAL under the hood it can pick up standard vulnerabilities). My...
Side note... OSQuery is an LF project, I would LOVE if it can take SCAP files or map running software to CVEs out of the box.
Hahaha! Are you sure about that @david-a-wheeler? Yeah there are bound to be some collisions in acronyms! Since you are here - how do we have a chat with...
There is that and mapping running software on an endpoint to PURLs/CPEs and then mapping those back to CVEs (i.e. vulnerabilities). -Sherif On Fri, Oct 2, 2020 at 7:31...