Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Josh Bressers (joshbressers@infosec.exchange)'s status on Wednesday, 13-Nov-2024 01:09:49 JST Josh Bressers

Looks like #NVD has stopped enriching #CVE again. So that's neat

In conversation about 6 months ago from infosec.exchange permalink
- Embed this notice
  Josh Bressers (joshbressers@infosec.exchange)'s status on Wednesday, 13-Nov-2024 01:11:31 JST Josh Bressers
  in reply to
  - kurtseifried (he/him)
  @kurtseifried I've never bothered to figure this out
  Maybe some sort of alliance with a focus on cloud security could do it :)
  
  In conversation about 6 months ago permalink
- Embed this notice
  kurtseifried (he/him) (kurtseifried@infosec.exchange)'s status on Wednesday, 13-Nov-2024 01:11:32 JST kurtseifried (he/him)
  in reply to
  
  @joshbressers Did they ever enrich any cloud CVEs?
  
  In conversation about 6 months ago permalink
- Embed this notice
  kurtseifried (he/him) (kurtseifried@infosec.exchange)'s status on Wednesday, 13-Nov-2024 04:07:44 JST kurtseifried (he/him)
  in reply to
  
  @joshbressers I tried.
  https://cve.mitre.org/data/board/archives/2017-03/msg00016.html
  https://cve.mitre.org/data/board/archives/2018-11/msg00003.html
  and so on. I was ahead of my time or something.
  With respect to services we'll get whatever the service providers give us with respect to CPE/CWE/etc. there's no way to reliably figure this out externally.
  In conversation about 6 months ago permalink
  Attachments
  1. Untitled attachment
- Embed this notice
  Will Dormann (wdormann@infosec.exchange)'s status on Thursday, 14-Nov-2024 03:46:17 JST Will Dormann
  in reply to
  
  @joshbressers
  What's your source for this data?
  I see no interruption in NVD enrichment.
  e.g. this one is from today:
  https://nvd.nist.gov/vuln/detail/CVE-2024-31151
  In conversation about 6 months ago permalink
  Attachments
  1. Quick Info CVE Dictionary Entry: CVE-2024-31151 NVD Published Date: 10/30/2024 NVD Last Modified: 11/13/2024 Source: Talos
    https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/477/128/052/330/155/original/63e31841867305b4.png
  2. No result found on File_thumbnail lookup.
    
    NVD - CVE-2024-31151
- Embed this notice
  Josh Bressers (joshbressers@infosec.exchange)'s status on Thursday, 14-Nov-2024 07:16:13 JST Josh Bressers
  in reply to
  - Will Dormann
  @wdormann I use the nvd data. It looks like they added some things today, yeah
  
  In conversation about 6 months ago permalink
- Embed this notice
  Will Dormann (wdormann@infosec.exchange)'s status on Friday, 15-Nov-2024 02:59:50 JST Will Dormann
  in reply to
  
  @joshbressers
  Today, yesterday, the day before that, etc...
  🤷
  https://services.nvd.nist.gov/rest/json/cvehistory/2.0?eventName=Initial%20Analysis&changeStartDate=2024-11-06T00:00:00.000-05:00&changeEndDate=2024-11-12T00:00:00.000-05:00
  In conversation about 6 months ago permalink
  Attachments
  1. Untitled attachment
- Embed this notice
  Josh Bressers (joshbressers@infosec.exchange)'s status on Friday, 15-Nov-2024 03:04:46 JST Josh Bressers
  in reply to
  - Will Dormann
  @wdormann I'm too lazy and stupid to dig too deeply into this
  But my graph uses the CVE release date, then looks at if it has CPE data
  If older CVEs are updated, or data that isn't CPE gets added, I don't show it
  
  In conversation about 6 months ago permalink

Public

Conversation

Notices

Feeds