Global Security Database (GSD)

 View Only

Latest Publications

Keeping up with log4shell aka CVE-2021-44228 aka the log4j version 2

+ Released: December 16, 2021

Got Vulnerability? Cloud Security Alliance Wants to Identify It

+ Released: July 15, 2021

Publications In Development

GSD Working Group Charter

Peer Review/ Design

TBD

Latest Discussion Posts

  • Profile Picture

    No meeting June 20th

    Hi all, This week's meeting is cancelled, as there are some time conflicts as well as the observed holiday. However, Josh Bressers and I will be presenting on GSD at the Linux Foundation's Open Source Summit later this week! Thanks all, ...

  • One option would be to support the OWASP CycloneDX standard. Technically, it's a Bill of Materials (BOM) format, however, it also supports Bill of Vulnerabilities, Advisory, and VEX format. We bill it as a "modern standard for the software supply chain". ...

  • While I think interoperability with existing formats is valuable, we should not restrict or limit the functionality to only the existing challenge areas (which have gotten us here in the first place). That being said, (and rereading this thread), I'm ...

  • I'm not sure I agree, but I would welcome some examples so we can better discuss this. Thanks. ------------------------------ Kurt Seifried Chief Blockchain Officer and Director of Special Projects Cloud Security Alliance [email protected] ...

  • The only logically sound approach is to integrate with the existing formats supported by MITRE, Centre-for-Threat-Informed-Defense, CIS Community-Defense Model etc. etc. STIX2.1 Interoperability is guaranteed. related projects incorporating STIX: ...

Latest Shared Files

Current Members
89 Members
community Admin
community Moderator
community Leadership
community Admin
community Moderator
community Leadership