[Development] Monitoring of upstream vulnerabilities
Thiago Macieira
thiago.macieira at intel.com
Tue Jun 19 21:46:28 CEST 2018
As part of the discussion on 3rdparty and security at QtCS, I took an action
to look into what we use in Clear Linux to monitor for reported
vulnerabilities.
Currently, we use https://github.com/clearlinux/cve-check-tool. This is going
to be replaced with CVEMAN - https://github.intel.com/kcwells/cveman. Both
tools consume the feed from the National Vulnerability Database from the US
NIST - https://nvd.nist.gov/.
--
Thiago Macieira - thiago.macieira (AT) intel.com
Software Architect - Intel Open Source Technology Center
More information about the Development
mailing list