[Development] Monitoring of upstream vulnerabilities

Jason H jhihn at gmx.com
Tue Jun 19 22:15:18 CEST 2018



> Sent: Tuesday, June 19, 2018 at 3:46 PM
> From: "Thiago Macieira" <thiago.macieira at intel.com>
> To: development at qt-project.org
> Subject: [Development] Monitoring of upstream vulnerabilities
>
> As part of the discussion on 3rdparty and security at QtCS, I took an action 
> to look into what we use in Clear Linux to monitor for reported 
> vulnerabilities.
> 
> Currently, we use https://github.com/clearlinux/cve-check-tool. This is going 
> to be replaced with CVEMAN - https://github.intel.com/kcwells/cveman. Both 
> tools consume the feed from the National Vulnerability Database from the US 
> NIST - https://nvd.nist.gov/.

Is that intel server publicly accessible?
 



More information about the Development mailing list