vulnerablecode icon indicating copy to clipboard operation
vulnerablecode copied to clipboard
verified publisher icon nexB

Handle CPE data in Vulnerablecode

Open TG1999 opened this issue 3 years ago • 1 comments

  1. NVD provides too much details on CPEs https://nvd.nist.gov/vuln/detail/CVE-2011-4136 with fully enumerated CPE ranges, that put a lot of data under references.

  2. We need to know which CPE references are interesting, this may require new models and structures

  3. CPEs should be referred as a package alias rather than a vulnerability reference.

TG1999 avatar Aug 05 '22 13:08 TG1999

I think that point 3 is most important and addressing that may mitigate the other problems with too much CPE data.

mjherzog avatar Aug 05 '22 15:08 mjherzog