cvelistV5
maccarone
cvelistV5 | maccarone | |
---|---|---|
5 | 3 | |
527 | 468 | |
22.2% | - | |
4.8 | 8.3 | |
about 12 hours ago | 8 months ago | |
Python | ||
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cvelistV5
-
Maccarone: AI-managed code blocks in Python
We, as an industry, didn't stop shipping bugs. (Small example: https://github.com/CVEProject/cvelistV5/releases)
And that thorough code review prevents bugs is, at best, a debatable assertion. See e.g. https://www.microsoft.com/en-us/research/publication/code-re...
It finds _some_ bugs. CI/CD, and a massive investment in automated testing has probably had the largest impact in moving software quality forward. (See e.g. "Accelerate", Forsgren, Humble & Kim)
Code review is an excellent tool to socialize knowledge and train up more junior engineers, but in terms of preventing bugs, it's low-value.
-
"Mirror" of the soon to be deprecated NIST NVD CVE Feeds
There seems to be new repository in a new JSON format: https://github.com/CVEProject/cvelistV5
-
Please don't use GPT for Security Guidance
Meanwhile, over here, I just stare at https://github.com/CVEProject/cvelistV5 and mumble "any reasonable dev, front of mind".
-
On the uselessness of MITRE's CVE List
The issues I filed in the cvelistV5 repo are also unanswered, so I guess nobody gives a damn.
-
Rage about CVE dataset quality(?)
118955 entries don't even have an affected vendor/product software field, and neither with a valid version string and/or condition. They only contain plaintext descriptions and no version matching field either. Filed an issue here about it.
maccarone
What are some alternatives?
opencve - CVE Alerting Platform
marsha - Marsha is a functional, higher-level, English-based programming language that gets compiled into tested Python software by an LLM
Loki - Loki - Simple IOC and YARA Scanner
Delphic - Starter App to Build Your Own App to Query Doc Collections with Large Language Models (LLMs) using LlamaIndex, Langchain, OpenAI and more (MIT Licensed)
cve-schema - This repository is used for the development of the CVE JSON record format. Releases of the CVE JSON record format will also be published here. This repository is managed by the CVE Quality Working Group.
SecondBrain - SecondBrain is your second brain in the cloud, designed to easily store and retrieve unstructured information. It's like Obsidian but powered by generative AI.
gsd-tools - Global Security Database Tools
speech-ai - A Python package that generates conversational speech from text using a combination of Generative AI models and various text-to-speech engines, enabling applications to produce dynamic and contextually aware spoken responses.
cvelist - Pilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023
jina - ☁️ Build multimodal AI applications with cloud-native stack
llm-client-sdk - SDK for using LLM