Global Security Database (GSD)

Thank you. Will start there Sent from my iPhone

Hi Randolph, Sorry I didn't see this sooner. A good starting place would be to sign up for the working group here: https://csaurl.org/gsd-signup We're currently working on the tooling, scripts, and onboarding documentation. You can find meetings on ...

Hi All, NIST has published NIST Internal Report (IR) 8409, Measuring the Common Vulnerability Scoring System Base Score Equation. Calculating the severity of information technology vulnerabilities is important for prioritizing vulnerability remediation ...

I don't think these are vulnerabilities per se, but they are definitely sharp edges that clearly most people don't know about. One thought: if there's an "informational" entry, e.g. "python pip will install software, as expected, but can also do so directly ...

https://twitter.com/david3141593/status/1584462389977939968?s=43&t=CEmtkaMrle2hJwbdOXjMzw TIL python's pip will execute a setup .py directly from a ZIP archive from a web URL, with mime sniffing. This allows for a nice lolbin oneliner, with payload ...