The Inner Circle

Expand all | Collapse all

New working group - Universal Vulnerability Identifier

  • 1.  New working group - Universal Vulnerability Identifier

    Posted 8 days ago
    This is the brainchild of @Kurt Seifried and @Josh Bressers. They have shown me several use cases in the industry where any number of researchers or technology stewards need to rapidly obtain a vulnerability ID that is similar to a CVE and quickly push it out to a universally accessible vulnerability DB.

    https://cloudsecurityalliance.org/blog/2021/07/15/got-vulnerability-cloud-security-alliance-wants-to-identify-it/​​

    ------------------------------
    Jim Reavis CCSK
    Cloud Security Alliance
    Bellingham WA
    ------------------------------


  • 2.  RE: New working group - Universal Vulnerability Identifier

    Posted 8 days ago
    Not just obtain an identifier, but publish it in an easily found location, we can't ask people to keep an on all sorts of random locations in case a security vulnerability they care about pops up on it, we need to help people with discovery, and it can't lag for days or weeks, it should take seconds or minutes. A perfect example is Debian, they have thousands of security advisories, not all of which have CVEs, so now you have to parse ALL their advisories, this is workable for one vendor, but most companies rarely use a single vendor for all their software. We'll be working on a proof-of-concept hopefully this weekend for UVI coverage of ALL of Debians vulnerabilities using an automated system.

    ------------------------------
    Kurt Seifried
    Chief Blockchain Officer and Director of Special Projects
    Cloud Security Alliance
    [email protected]
    ------------------------------