Overview
Explore the critical issue of free software vulnerability databases in this 53-minute Linux Foundation conference talk. Delve into the reasons behind the absence of such databases, understand the National Vulnerability Database (NVD), and discover potential solutions. Learn about Package URL, data aggregation techniques, and the proposed data model for vulnerability tracking. Examine the creation process, challenges faced, and future plans for implementing a free software vulnerability database. Gain insights into sustainability concerns and the innovative approach of identifying vulnerabilities using byte signatures. Join Philippe Ombredanne from AboutCode.org and nexB Inc., along with Michael Herzog from nexB Inc., as they address this crucial topic in open-source security.
Syllabus
Introduction
Why is there no free software vulnerability database
What is the NVD
What is a solution
The solution
Package URL
Aggregation
Data Model
Vulnerability Code
Features
Creation
Challenges
Old Data
Future Plans
Sustainability
Identifying with byte signatures
Taught by
Linux Foundation