home.social

#gcve — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #gcve, aggregated by home.social.

  1. Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

  2. Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

  3. Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

  4. Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

  5. Playing with CSAF 2.1 CSD02 and GCVE extensions.

    discourse.ossbase.org/t/csaf-a

    I think more and more that having GCVE extension on all vulnerability standard format makes much more sense nowadays.

    #gcve #cve #csaf

    @gcve

  6. I'm now GNA 119 under CIRCL's GCVE system — a decentralized vulnerability
    identification authority. I have authority to mint vulnerability
    identifiers for cloud findings, including ones where vendor CNAs decline
    to issue CVEs.

    I could start assigning IDs to my own research today. I won't.

    Cloud vulnerability validation shouldn't be one person's judgment. Mine
    or anyone else's.

    I'm forming a consensus panel of practitioners for each major cloud
    platform — AWS, GCP, Azure, and managed services. GCVE-119 allocations
    will go through panel review, not solo decisions.

    Charter, scope, and membership criteria coming. Community input on
    structure welcome before anything is finalized.

    Background on GCVE and the cloud finding gap:
    olearysec.com/gcve/

    #infosec #vulnerability #GCVE #cloudsecurity #security

  7. I'm now GNA 119 under CIRCL's GCVE system — a decentralized vulnerability
    identification authority. I have authority to mint vulnerability
    identifiers for cloud findings, including ones where vendor CNAs decline
    to issue CVEs.

    I could start assigning IDs to my own research today. I won't.

    Cloud vulnerability validation shouldn't be one person's judgment. Mine
    or anyone else's.

    I'm forming a consensus panel of practitioners for each major cloud
    platform — AWS, GCP, Azure, and managed services. GCVE-119 allocations
    will go through panel review, not solo decisions.

    Charter, scope, and membership criteria coming. Community input on
    structure welcome before anything is finalized.

    Background on GCVE and the cloud finding gap:
    olearysec.com/gcve/

    #infosec #vulnerability #GCVE #cloudsecurity #security

  8. RE: infosec.exchange/@sambowne/116

    If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?

  9. RE: infosec.exchange/@sambowne/116

    If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?

  10. RE: infosec.exchange/@sambowne/116

    If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?

  11. RE: infosec.exchange/@sambowne/116

    If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?

  12. RE: infosec.exchange/@sambowne/116

    If I understood #GCVE correctly, this is exactly the sort of case where you want to use this process to assign a #GCVE identifier, @adulau -> what do you think?

  13. GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.

    The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.

    BCP-09 -> gcve.eu/bcp/gcve-bcp-09/

    #gcve #cve #vulnerability #opensource #vulnerability #cybersecurity

    social.circl.lu/@gcve/11658895

  14. GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.

    The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.

    BCP-09 -> gcve.eu/bcp/gcve-bcp-09/

    #gcve #cve #vulnerability #opensource #vulnerability #cybersecurity

    social.circl.lu/@gcve/11658895

  15. GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.

    The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.

    BCP-09 -> gcve.eu/bcp/gcve-bcp-09/

    #gcve #cve #vulnerability #opensource #vulnerability #cybersecurity

    social.circl.lu/@gcve/11658895

  16. GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.

    The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.

    BCP-09 -> gcve.eu/bcp/gcve-bcp-09/

    #gcve #cve #vulnerability #opensource #vulnerability #cybersecurity

    social.circl.lu/@gcve/11658895

  17. GCVE has published a description of the scope of a GCVE record. It is based on feedback, misunderstandings from articles about the GCVE initiative, and ideas from GNAs actually assigning IDs.

    The document is still in draft before in a final publication. Feedback is welcome via the standard Discourse platform.

    BCP-09 -> gcve.eu/bcp/gcve-bcp-09/

    #gcve #cve #vulnerability #opensource #vulnerability #cybersecurity

    social.circl.lu/@gcve/11658895

  18. @Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na

    Yes! The #GCVE folks are really on the ball about all this

    I would be willing to bet a milkshake they will be one of the more authoritative sources in the future

  19. @Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na

    Yes! The #GCVE folks are really on the ball about all this

    I would be willing to bet a milkshake they will be one of the more authoritative sources in the future

  20. @Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na

    Yes! The #GCVE folks are really on the ball about all this

    I would be willing to bet a milkshake they will be one of the more authoritative sources in the future

  21. @Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na

    Yes! The #GCVE folks are really on the ball about all this

    I would be willing to bet a milkshake they will be one of the more authoritative sources in the future

  22. @Le_suisse @ariadne @gregkh @wdormann @Viss @andrewnez @Di4na

    Yes! The #GCVE folks are really on the ball about all this

    I would be willing to bet a milkshake they will be one of the more authoritative sources in the future

  23. RE: social.circl.lu/@gcve/11647277

    After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.

    #gcve #cpe #cybersecurity

    infosec.exchange/@gcve@social.

  24. RE: social.circl.lu/@gcve/11647277

    After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.

    #gcve #cpe #cybersecurity

    infosec.exchange/@gcve@social.

  25. RE: social.circl.lu/@gcve/11647277

    After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.

    #gcve #cpe #cybersecurity

    infosec.exchange/@gcve@social.

  26. RE: social.circl.lu/@gcve/11647277

    After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.

    #gcve #cpe #cybersecurity

    infosec.exchange/@gcve@social.

  27. RE: social.circl.lu/@gcve/11647277

    After the recent hackathon and the feedback from different contributors, we published a first draft version of GCVE-BCP-10 to refresh the Common Platform Enumeration model.

    #gcve #cpe #cybersecurity

    infosec.exchange/@gcve@social.

  28. Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

    Result:
    CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). ​:neocat_glare:​ #CVE #GCVE

  29. Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

    Result:
    CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). ​:neocat_glare:​ #CVE #GCVE

  30. Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

    Result:
    CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). ​:neocat_glare:​ #CVE #GCVE

  31. Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

    Result:
    CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). ​:neocat_glare:​ #CVE #GCVE

  32. Does anyone know how to report errors to https://db.gcve.eu/? Just their info@ mail? I looked up CVE-2026-6042 and CVE-2026-40200 there because I was annoyed that the NVD database (which #Buildroot uses for automated vulnerability checks) still didn't have them correctly labeled with the CPE (so automated tools can't identify the package is vulnerable).

    Result:
    CVE-2026-40200 is correctly labeled (good!), while CVE-2026-6042 is not (different vendor/product). Mistakes happen, an organization that's trying to run as serious vulnerability DB really needs to provide an obvious "report errors here" mail address (or other means, but really… mail). ​:neocat_glare:​ #CVE #GCVE

  33. Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.

    "Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."

    #gcve #cve #europe #vulnerabilitymanagement #opensource #opendata

    🔗 irsem.fr/publications/fragment

    @gcve
    @circl

  34. Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.

    "Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."

    #gcve #cve #europe #vulnerabilitymanagement #opensource #opendata

    🔗 irsem.fr/publications/fragment

    @gcve
    @circl

  35. Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.

    "Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."

    #gcve #cve #europe #vulnerabilitymanagement #opensource #opendata

    🔗 irsem.fr/publications/fragment

    @gcve
    @circl

  36. Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.

    "Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."

    #gcve #cve #europe #vulnerabilitymanagement #opensource #opendata

    🔗 irsem.fr/publications/fragment

    @gcve
    @circl

  37. Heureux de lire un article qui comprend bien les enjeux de la gestion des vulnérabilités et qui reflète bien notre démarche avec le projet GCVE.

    "Le Global CVE Allocation System, soutenu par l’UE, a été lancé début janvier. Cet événement fait suite aux problématiques de financement du programme CVE, opéré par MITRE Corporation et soutenu par le gouvernement américain. L’initiative illustre la manière dont l’UE affirme son influence normative tout en atténuant sa dépendance aux infrastructures non européennes. Cette dimension prend toute son importance à l’heure du retour de la compétition entre grandes puissances."

    #gcve #cve #europe #vulnerabilitymanagement #opensource #opendata

    🔗 irsem.fr/publications/fragment

    @gcve
    @circl

  38. Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.

    Maybe join me at hackathon.lu if you want to be part of this.

    #gcve #cve #cybersecurity #vulnerabilitymanagement

  39. Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.

    Maybe join me at hackathon.lu if you want to be part of this.

    #gcve #cve #cybersecurity #vulnerabilitymanagement

  40. Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.

    Maybe join me at hackathon.lu if you want to be part of this.

    #gcve #cve #cybersecurity #vulnerabilitymanagement

  41. Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.

    Maybe join me at hackathon.lu if you want to be part of this.

    #gcve #cve #cybersecurity #vulnerabilitymanagement

  42. Working on a prototype for collaborative CPE editing, including relationship handling. It is starting to come together, and I see a lot of potential in extending the CPE format to make it more useful.

    Maybe join me at hackathon.lu if you want to be part of this.

    #gcve #cve #cybersecurity #vulnerabilitymanagement

  43. Just submitted - “GCVE Backstage: BCPs, Tooling, and Hackathon Opportunities” for hackathon.lu to show what can be done during the hackathon with the GCVE.eu project.

    If you want a voucher to join the hackathon, let me know.

    hackathon.lu/

    @gcve
    @circl

    #hackathon #luxembourg #gcve #cybersecurity #opensource

  44. Just submitted - “GCVE Backstage: BCPs, Tooling, and Hackathon Opportunities” for hackathon.lu to show what can be done during the hackathon with the GCVE.eu project.

    If you want a voucher to join the hackathon, let me know.

    hackathon.lu/

    @gcve
    @circl

    #hackathon #luxembourg #gcve #cybersecurity #opensource

  45. Just submitted - “GCVE Backstage: BCPs, Tooling, and Hackathon Opportunities” for hackathon.lu to show what can be done during the hackathon with the GCVE.eu project.

    If you want a voucher to join the hackathon, let me know.

    hackathon.lu/

    @gcve
    @circl

    #hackathon #luxembourg #gcve #cybersecurity #opensource