#gcve — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #gcve, aggregated by home.social.
-
Playing with CSAF 2.1 CSD02 and GCVE extensions.
https://discourse.ossbase.org/t/csaf-and-gcve-bcp-05-extensions/1093
I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.
-
Playing with CSAF 2.1 CSD02 and GCVE extensions.
https://discourse.ossbase.org/t/csaf-and-gcve-bcp-05-extensions/1093
I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.
-
Playing with CSAF 2.1 CSD02 and GCVE extensions.
https://discourse.ossbase.org/t/csaf-and-gcve-bcp-05-extensions/1093
I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.
-
Playing with CSAF 2.1 CSD02 and GCVE extensions.
https://discourse.ossbase.org/t/csaf-and-gcve-bcp-05-extensions/1093
I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.
-
Playing with CSAF 2.1 CSD02 and GCVE extensions.
https://discourse.ossbase.org/t/csaf-and-gcve-bcp-05-extensions/1093
I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.
-
I'm now GNA 119 under CIRCL's GCVE system — a decentralized vulnerability
identification authority. I have authority to mint vulnerability
identifiers for cloud findings, including ones where vendor CNAs decline
to issue CVEs.I could start assigning IDs to my own research today. I won't.
Cloud vulnerability validation shouldn't be one person's judgment. Mine
or anyone else's.I'm forming a consensus panel of practitioners for each major cloud
platform — AWS, GCP, Azure, and managed services. GCVE-119 allocations
will go through panel review, not solo decisions.Charter, scope, and membership criteria coming. Community input on
structure welcome before anything is finalized.Background on GCVE and the cloud finding gap:
https://olearysec.com/gcve/ -
I'm now GNA 119 under CIRCL's GCVE system — a decentralized vulnerability
identification authority. I have authority to mint vulnerability
identifiers for cloud findings, including ones where vendor CNAs decline
to issue CVEs.I could start assigning IDs to my own research today. I won't.
Cloud vulnerability validation shouldn't be one person's judgment. Mine
or anyone else's.I'm forming a consensus panel of practitioners for each major cloud
platform — AWS, GCP, Azure, and managed services. GCVE-119 allocations
will go through panel review, not solo decisions.Charter, scope, and membership criteria coming. Community input on
structure welcome before anything is finalized.Background on GCVE and the cloud finding gap:
https://olearysec.com/gcve/ -
RE: https://infosec.exchange/@sambowne/116593682047881738
If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?
-
RE: https://infosec.exchange/@sambowne/116593682047881738
If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?
-
RE: https://infosec.exchange/@sambowne/116593682047881738
If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?
-
RE: https://infosec.exchange/@sambowne/116593682047881738
If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?
-
RE: https://infosec.exchange/@sambowne/116593682047881738
If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?
-
GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.
The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.
BCP-09 -> https://gcve.eu/bcp/gcve-bcp-09/
#gcve #cve #vulnerability #opensource #vulnerability #cybersecurity
-
GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.
The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.
BCP-09 -> https://gcve.eu/bcp/gcve-bcp-09/
#gcve #cve #vulnerability #opensource #vulnerability #cybersecurity
-
GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.
The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.
BCP-09 -> https://gcve.eu/bcp/gcve-bcp-09/
#gcve #cve #vulnerability #opensource #vulnerability #cybersecurity
-
GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.
The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.
BCP-09 -> https://gcve.eu/bcp/gcve-bcp-09/
#gcve #cve #vulnerability #opensource #vulnerability #cybersecurity
-
GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.
The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.
BCP-09 -> https://gcve.eu/bcp/gcve-bcp-09/
#gcve #cve #vulnerability #opensource #vulnerability #cybersecurity
-
@Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na
Yes! The #GCVE folks are really on the ball about all this
I would be willing to bet a milkshake they will be one of the more authoritative sources in the future
-
@Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na
Yes! The #GCVE folks are really on the ball about all this
I would be willing to bet a milkshake they will be one of the more authoritative sources in the future
-
@Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na
Yes! The #GCVE folks are really on the ball about all this
I would be willing to bet a milkshake they will be one of the more authoritative sources in the future
-
@Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na
Yes! The #GCVE folks are really on the ball about all this
I would be willing to bet a milkshake they will be one of the more authoritative sources in the future
-
@Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na
Yes! The #GCVE folks are really on the ball about all this
I would be willing to bet a milkshake they will be one of the more authoritative sources in the future
-
RE: https://social.circl.lu/@gcve/116472772889791098
After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.
https://infosec.exchange/@gcve@social.circl.lu/116472772989905449
-
RE: https://social.circl.lu/@gcve/116472772889791098
After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.
https://infosec.exchange/@gcve@social.circl.lu/116472772989905449
-
RE: https://social.circl.lu/@gcve/116472772889791098
After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.
https://infosec.exchange/@gcve@social.circl.lu/116472772989905449
-
RE: https://social.circl.lu/@gcve/116472772889791098
After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.
https://infosec.exchange/@gcve@social.circl.lu/116472772989905449
-
RE: https://social.circl.lu/@gcve/116472772889791098
After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.
https://infosec.exchange/@gcve@social.circl.lu/116472772989905449
-
Does anyone know how to report errors to https://db.gcve.eu/? Just their
info@mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).
Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE -
Does anyone know how to report errors to https://db.gcve.eu/? Just their
info@mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).
Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE -
Does anyone know how to report errors to https://db.gcve.eu/? Just their
info@mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).
Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE -
Does anyone know how to report errors to https://db.gcve.eu/? Just their
info@mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).
Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE -
Does anyone know how to report errors to https://db.gcve.eu/? Just their
info@mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).
Result: CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). :neocat_glare: #CVE #GCVE -
Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.
"Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."
#gcve #cve #europe #vulnerabilitymanagement #opensource #opendata
-
Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.
"Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."
#gcve #cve #europe #vulnerabilitymanagement #opensource #opendata
-
Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.
"Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."
#gcve #cve #europe #vulnerabilitymanagement #opensource #opendata
-
Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.
"Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."
#gcve #cve #europe #vulnerabilitymanagement #opensource #opendata
-
Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.
"Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."
#gcve #cve #europe #vulnerabilitymanagement #opensource #opendata
-
Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.
Maybe join me at hackathon.lu if you want to be part of this.
-
Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.
Maybe join me at hackathon.lu if you want to be part of this.
-
Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.
Maybe join me at hackathon.lu if you want to be part of this.
-
Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.
Maybe join me at hackathon.lu if you want to be part of this.
-
Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.
Maybe join me at hackathon.lu if you want to be part of this.
-
VulnMCP can now leverage multiple skills to classify vulnerability descriptions written in English, Russian, or Chinese.
https://github.com/vulnerability-lookup/VulnMCP
#AI #Orchestration #NLP #MCP #VulnerabilityLookup #Vulnerability #CVE #GCVE #Agentic #Python #OpenSource #Transformers
-
VulnMCP can now leverage multiple skills to classify vulnerability descriptions written in English, Russian, or Chinese.
https://github.com/vulnerability-lookup/VulnMCP
#AI #Orchestration #NLP #MCP #VulnerabilityLookup #Vulnerability #CVE #GCVE #Agentic #Python #OpenSource #Transformers
-
VulnMCP can now leverage multiple skills to classify vulnerability descriptions written in English, Russian, or Chinese.
https://github.com/vulnerability-lookup/VulnMCP
#AI #Orchestration #NLP #MCP #VulnerabilityLookup #Vulnerability #CVE #GCVE #Agentic #Python #OpenSource #Transformers
-
VulnMCP can now leverage multiple skills to classify vulnerability descriptions written in English, Russian, or Chinese.
https://github.com/vulnerability-lookup/VulnMCP
#AI #Orchestration #NLP #MCP #VulnerabilityLookup #Vulnerability #CVE #GCVE #Agentic #Python #OpenSource #Transformers
-
VulnMCP can now leverage multiple skills to classify vulnerability descriptions written in English, Russian, or Chinese.
https://github.com/vulnerability-lookup/VulnMCP
#AI #Orchestration #NLP #MCP #VulnerabilityLookup #Vulnerability #CVE #GCVE #Agentic #Python #OpenSource #Transformers
-
Just submitted - “GCVE Backstage: BCPs, Tooling, and Hackathon Opportunities” for hackathon.lu to show what can be done during the hackathon with the GCVE.eu project.
If you want a voucher to join the hackathon, let me know.
-
Just submitted - “GCVE Backstage: BCPs, Tooling, and Hackathon Opportunities” for hackathon.lu to show what can be done during the hackathon with the GCVE.eu project.
If you want a voucher to join the hackathon, let me know.
-
Just submitted - “GCVE Backstage: BCPs, Tooling, and Hackathon Opportunities” for hackathon.lu to show what can be done during the hackathon with the GCVE.eu project.
If you want a voucher to join the hackathon, let me know.