ruby-advisory-db icon indicating copy to clipboard operation
ruby-advisory-db copied to clipboard

Published 20 hours ago verified publisher icon rubysec

Support Openwall's OVE?

Open f3ndot opened this issue 8 years ago • 7 comments

As per Openwall's tweet:

CVE IDs difficult and slow to obtain? Enter OVE: http://www.openwall.com/ove Problem solved?

Perhaps we should consider supporting the OVE because whatever, who knows, maybe it'll be nice & complimentary to CVE-- Especially since OSVDB is gonezo

f3ndot avatar Aug 18 '16 23:08 f3ndot

How does OVE differ from DWF?

Per #251 and #224 we're already on the DWF system. We still need to convert our OSVDB entries into our DWF namespaces but barring any significant divergence this might be the same?

Worse comes to worse, adding another field if ids are available ain't a bad idea.

phillmv avatar Aug 19 '16 15:08 phillmv

Not sure! Just stumbled across it. DWF appears more complete and well supported. I'm fine with just that 😄

f3ndot avatar Aug 19 '16 15:08 f3ndot

There's no longer a repo at https://github.com/distributedweaknessfiling/DNA-Registry/

What's the state of security tracking db's here?

jrochkind avatar Dec 18 '16 16:12 jrochkind

DWF is definitely still around: https://github.com/distributedweaknessfiling/DWF-Database

tarcieri avatar Dec 20 '16 17:12 tarcieri

Thanks, I guess they're moving around? The first lines in the README of the repo @tarcieri links to are:

There is a good chance this database (and indeed repo) will be phased out in favor of the JSON database. If there is enough demand for it there may be a CSV representation of all the data, but if there isn't enough demand then we will simply drop it in 2017. So speak up if you want/need this.

I'm not sure where one finds "the JSON database", apparently not that repo?

jrochkind avatar Dec 20 '16 18:12 jrochkind

I think that's likely referring to:

https://github.com/distributedweaknessfiling/DWF-Database-Artifacts

tarcieri avatar Dec 20 '16 18:12 tarcieri

DWF is changing things up, so long story short: file an issue at https://github.com/distributedweaknessfiling/DWF-CNA-Registry and we can start the process (disclaimer: I'm away at RSA this coming week).

As for where the data is published I'm sharding the database into blocks, the master database is at:

https://github.com/distributedweaknessfiling/DWF-CNA-Registry

from which MITRE will pull things (once we get the JSON format nailed down).

kurtseifried avatar Feb 10 '17 19:02 kurtseifried

Clicking on "https://github.com/distributedweaknessfiling/" returned "Orphaned Organization" - Any update?

jasnow avatar Mar 12 '23 16:03 jasnow

The permanent home is now https://github.com/cloudsecurityalliance/gsd-database

kurtseifried avatar Mar 14 '23 15:03 kurtseifried

Closing this since NVD/MITRE managed to resolve the issues with CVE assignment. I think we should consider migrating to a new ID format or schema when everyone else starts to do so; so we don't accidentally adopt a standard that ends up becoming abandoned like with OSVDB IDs.

postmodern avatar May 23 '23 19:05 postmodern