Olle E. Johansson comments

Results 151 comments of


                                            Olle E. Johansson

TEA: How do we indicate type of artefact

Sounds like a good plan. Does SPDX have a similar list like externalReferences?

TEA: How do we indicate type of artefact

That is a bit different but very interesting. It's a link attribute really. Maybe we can use something like that in the bundle.

TEA: How do we indicate type of artefact

Added CycloneDX external ref to pull request.

Project Idea: OSV as the solution for the Global Vulnerability Database (for open source) and mitigation for the CVE ecosystem existential risk

We are going to organise a webinar on this topic in the GVIP group.

Project Idea: OSV as the solution for the Global Vulnerability Database (for open source) and mitigation for the CVE ecosystem existential risk

> OSV is much more limited in detail than what is available in other formats already (it's a meta-grouping of external reports), so why would you want people to move...

Project Idea: OSV as the solution for the Global Vulnerability Database (for open source) and mitigation for the CVE ecosystem existential risk

Do we have a side by side comparison of CVE json and OSV json to show the difference?

Should `formats` within an Artifact Collection be flattened?

Yes, it's named Internet Media Types since a very long time. https://www.iana.org/assignments/media-types/media-types.xhtml

discovery: aliasing

I think we need to think hard on bundles and redirection. We won't get it right from start, but if we spend time on this we can get close :-)

CVE risk, threats and safety net

During our meeting, there was a lot of worry about the funding of the program and what would happen if funding runs out. There are multiple opinions about solutions and...

CVE risk, threats and safety net

WG decision in meeting today: @SecurityCRob will reach out and try to set up a regular meeting. CRob to reach out to Tanya, the CVE Board, and the CVE Foundation...