[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Q: CVE Database with Programming Language and Failure Classification?

To: noloader@xxxxxxxxx
Subject: Re: [Full-disclosure] Q: CVE Database with Programming Language and Failure Classification?
From: Florian Weimer <fw@xxxxxxxxxxxxx>
Date: Wed, 15 May 2013 21:10:17 +0200

* Jeffrey Walton:

> Does anyone know where to find an augmented CVE database with: (1)
> programming language and (2) failure classification?

Red Hat's Bugzilla has CWE tagging for many CVEs, in the "Whiteboard"
field.  Mapping the affected packages to programming languages is some
work, though.  You could map the CVEs to Debian packages through the
Debian Security Tracker, and use the implemented-in tags provided by
Debian.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Q: CVE Database with Programming Language and Failure Classification?
  - From: Jeffrey Walton

Prev by Date: [Full-disclosure] [Security-news] SA-CONTRIB-2013-047 - Google Authenticator login - Access Bypass
Next by Date: [Full-disclosure] [SECURITY] [DSA 2669-1] linux security update
Previous by thread: [Full-disclosure] Q: CVE Database with Programming Language and Failure Classification?
Next by thread: [Full-disclosure] [HITB-Announce] HITB Magazine Issue 010
Index(es):
- Date
- Thread