[Development] Monitoring of upstream vulnerabilities

Thiago Macieira thiago.macieira at intel.com
Tue Jun 19 21:46:28 CEST 2018


As part of the discussion on 3rdparty and security at QtCS, I took an action 
to look into what we use in Clear Linux to monitor for reported 
vulnerabilities.

Currently, we use https://github.com/clearlinux/cve-check-tool. This is going 
to be replaced with CVEMAN - https://github.intel.com/kcwells/cveman. Both 
tools consume the feed from the National Vulnerability Database from the US 
NIST - https://nvd.nist.gov/.

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center






More information about the Development mailing list