Google's open-source vulnerability schema
[Security] Posted Jun 25, 2021 14:39 UTC (Fri) by corbet
The Google Security Blog announces the release of a schema intended to describe vulnerabilities in a project-independent manner:
With this schema we hope to define a format that all vulnerability databases can export. A unified format means that vulnerability databases, open source users, and security researchers can easily share tooling and consume vulnerabilities across all of open source. This means a more complete view of vulnerabilities in open source for everyone, as well as faster detection and remediation times resulting from easier automation.
This schema is already being provided by a number of projects, including Go, Rust, Python, DWF, and OSS-Fuzz.