On Mar 28, 2024, at 12:37, Alexander Kanavin <[email protected]> wrote: > > On Thu, 28 Mar 2024 at 17:28, Marta Rybczynska <[email protected]> wrote: >> I think you weren't there at the weekly meeting when we discussed >> that: it started around Feb 14th and I see that in my data >> (I have a daily report). >> >> To make the story short: NVD is close to 0 activity since mid-February >> and there is no communication for now on why, what are the reasons >> etc. >> The security community is concerned and there are multiple ideas: >> amending/replacing the database, there is an open letter in the works >> etc. >> From our practical view there's no automated solutions we can >> implement right now. I have some ideas and it would be good to discuss >> them, >> the next weekly meeting might be a good occasion. > > Probably alternatives to NVD will get increased attention too, which > is not a bad thing. This exposes NVD as the single point of failure, > and I can't see how they're going to restore trust.
Funding has been an issue for years, e.g. many thousands of bug reports never processed into CVEs, https://www.platformsecuritysummit.com/2019/speaker/sherman/
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197595): https://lists.openembedded.org/g/openembedded-core/message/197595 Mute This Topic: https://lists.openembedded.org/mt/105119670/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
