cti-stix-common-objects icon indicating copy to clipboard operation
cti-stix-common-objects copied to clipboard
verified publisher icon oasis-open

Why not use the NIST API for CVE generation?

Open elemendar-syra opened this issue 1 year ago • 1 comments

As per https://nvd.nist.gov/developers/start-here I believe it would be easy to integrate updating CVEs using that rather than how the current build script does it, from what I can see. Again, happy to implement in a branch (obviously if you're then building and publishing daily you'd need to handle the CI/CD side with an API key)

elemendar-syra avatar Jun 30 '24 12:06 elemendar-syra

We provide a multi-source (including NVD) vulnerability database where the API is documented there https://vulnerability.circl.lu/doc

You can easily query NVD for example, this way: https://vulnerability.circl.lu/last/nvd/1 and many other sources.

To describe other vulnerabilities in STIX 2.1, an extension would be required to support the different sources. Maybe @chrisr3d as some ideas for potential extensions.

adulau avatar Jul 01 '24 04:07 adulau