[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- To: "Nandakumaraiah, Chandan" <cbn@juniper.net>
- Subject: Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- From: Kurt Seifried <kurt@seifried.org>
- Date: Tue, 13 Mar 2018 16:04:58 -0400
- Authentication-results: spf=none (sender IP is 192.52.194.235) smtp.mailfrom=LISTS.MITRE.ORG; imc.mitre.org; dkim=none (message not signed) header.d=none;imc.mitre.org; dmarc=none action=none header.from=seifried.org;
- Cc: "Seifried, Kurt" <kseifried@redhat.com>, "Theall, George A" <gtheall@mitre.org>, cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>, cve-board-auto-list <cve-board-auto-list@lists.mitre.org>
- Delivery-date: Tue Mar 13 16:52:14 2018
- In-reply-to: <edfe754d-5a6d-35b5-5002-591ce21019f8@juniper.net>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <SN1PR09MB07360F2095982406AE646F42B6C60@SN1PR09MB0736.namprd09.prod.outlook.com> <CANO=Ty2wSDOkzgnGZVzxvuOohYn+sFUx=UhbxKNPgBr_0Zh9YQ@mail.gmail.com> <274d2f03-97b5-e834-9952-7351037eac02@juniper.net> <CANO=Ty1g4JnkLvUEgt3LvmGZo+UfCd3n3bcVhtgj7GziQqS8Yw@mail.gmail.com> <1d30a540-1a69-4385-39ee-5449cf8f9cf9@juniper.net> <edfe754d-5a6d-35b5-5002-591ce21019f8@juniper.net>
- Sender: "owner-cve-editorial-board-list@lists.mitre.org" <owner-cve-editorial-board-list@lists.mitre.org>
- Thread-index: AdOxW/wrcf67jZi8SRaj1ItS8Zj/mQADkMaAAEO9dE8CI17TGw==
- Thread-topic: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
So I just learned about grafeas (did a podcast with Chris Rosen as guest), anyways TL;DR: they are basically doing similar things with JSON including something that is very similar to the alias field I proposed:
| Component Type | Identifier | Example |
|---|---|---|
| Debian | deb://dist(optional):arch:name:version | deb://lucid:i386:acl:2.2.49-2 |
| Docker | https://Namespace/name@sha256: | https://gcr.io/scanning-customer/dockerimage@sha256:244fd47e07d1004f0aed9c156aa09083c82bf8944eceb67c946ff7430510a77b |
| Generic file | file://sha256::name | file://sha256:244fd47e07d1004f0aed9c156aa09083c82bf8944eceb67c946ff7430510a77b:foo.jar |
| Maven | gav://group:artifact:version |
gav://ant:ant:1.6.5 |
| NPM | npm://package:version | npm://mocha:2.4.5 |
| NuGet | nuget://module:version | nuget://log4net:9.0.1 |
| Python | pip://package:version | pip://raven:5.13.0 |
| RPM | rpm://dist(optional):arch:name:version | rpm://el6:i386:ImageMagick:6.7.2.7-4 |
So the above is similar in that you have a defined namespace and then some value.
I'm going to reach out to them to see what we can do to coordinate/cooperate as they seem to have some good ideas, especially around consumption of the data in automated ways.
Kurt Seifried
kurt@seifried.org
kurt@seifried.org
- References:
- Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- From: "Theall, George A" <gtheall@mitre.org>
- Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- From: Kurt Seifried <kseifried@redhat.com>
- Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- From: Kurt Seifried <kseifried@redhat.com>
- Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- Prev by Date: RE: GDPR and CVE
- Next by Date: Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- Previous by thread: Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- Next by thread: Re: Notice of Pilot Activity in CVE Auto WG - Supporting NVD's Participation
- Index(es):
