Global Security Database (GSD)

Hi all, This week's meeting is cancelled, as there are some time conflicts as well as the observed holiday. However, Josh Bressers and I will be presenting on GSD at the Linux Foundation's Open Source Summit later this week! Thanks all, ...

One option would be to support the OWASP CycloneDX standard. Technically, it's a Bill of Materials (BOM) format, however, it also supports Bill of Vulnerabilities, Advisory, and VEX format. We bill it as a "modern standard for the software supply chain". ...

While I think interoperability with existing formats is valuable, we should not restrict or limit the functionality to only the existing challenge areas (which have gotten us here in the first place). That being said, (and rereading this thread), I'm ...

I'm not sure I agree, but I would welcome some examples so we can better discuss this. Thanks. ------------------------------ Kurt Seifried Chief Blockchain Officer and Director of Special Projects Cloud Security Alliance [email protected] ...

The only logically sound approach is to integrate with the existing formats supported by MITRE, Centre-for-Threat-Informed-Defense, CIS Community-Defense Model etc. etc. STIX2.1 Interoperability is guaranteed. related projects incorporating STIX: ...