Phill MV

> By shipping a separate command, it is implied that using it increases security, ie, that it protects against an actual attack. I haven't yet heard any specific argument that...

Yeah. This is something we're thinking about (i.e. #151). I think right now we're leaning towards a "vulnerable_versions" and we'll figure something out in the next week or two.

So, actually, Reed pointed out a bunch of scenarios. 1. There's "this version of the code is no longer going to be supported, upgrade ASAP" -> probably warrants its own...

As got formalized in the test spec, we now accept: ``` yaml related: osvdb: - 12345 - 12346 cve: - 12347 - 12348 url: - http://example.com - http://example.com ``` This...

fun fact: we're actually in the process of backloading cvss and cwes into the gh data. maybe another month or so should be able to sync it off the github...

How does OVE differ from DWF? Per #251 and #224 we're already on the [DWF system](https://github.com/distributedweaknessfiling/DNA-Registry/commit/2a7d144246938bff8844447025a003ca22e5dd98). We still need to convert our OSVDB entries into our DWF namespaces but barring...

I'd be up for _adding_ a field for methods affected, but I don't know that we'd enforce it. I take it you work on Salus at Coinbase & are consuming...

They're not using our data https://github.com/rubysec/rubysec.github.com/issues/1 :)

We're definitely missing this issue - but what part is invalid?

@postmodern how does one accomplish: > Request a CVE from oss-sec mailing list or reserve a CVE from MITRE Is there a template people can use? Ditto re: osvdb email.