Re: Security related tooling project
From: Christopher Baines
Subject: Re: Security related tooling project
Date: Sun, 04 Apr 2021 09:24:42 +0100
User-agent: mu4e 1.4.15; emacs 27.1
Léo Le Bouter <lle-bout@zaclys.net> writes:
> On Sat, 2021-04-03 at 11:41 +0100, Christopher Baines wrote:
>> Please let me know if you have any comments or questions!
>
> That's really really awesome Chris! I especially like that also users
> are invited to participate in the process and the information is shared
> there as well!
Cool, and yeah, I think users of Guix do have some needs around security
and how they use Guix, but I don't yet have a clear picture of them. I
want to try and work on figuring this out though!
> If I have a comment about the CVE mechanism is that it seems CPE
> vendor/name labeling isn't done well or not fast enough in practice,
> most flaws I fix they do not have CPE name and vendor specified. So I
> wonder how to automate recognition of them here. I believe some could
> try and parse the summary with natural language analysis but that also
> seems quite imprecise.
Right, that definitely seems like something to work on.
Thanks,
Chris