
Building the world’s first free open source database of FOSS and their vulnerabilities.

Formal Metadata

Title
Building the world’s first free open source database of FOSS and their vulnerabilities.
Subtitle
Learn why and how we are building VulnerableCode, a free and open source database of FOSS components and their vulnerabilities.
Series title
Number of parts
637
Author
License
CC Attribution 2.0 Belgium:
You may use, modify, and reproduce, distribute and make publicly available the work or its content, in unchanged or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner specified by them.
Identifiers
Publisher
Release year
Language

Content Metadata

Subject area
Genre
Abstract
VulnerableCode is a free and open source database of vulnerabilities and the FOSS packages they impact. It is made by the FOSS community to improve the security of the open source software ecosystem. Its design solves various pre-existing problems like licensing, data complexity and usability. Using software with known vulnerabilities is one of OWASP’s Top 10 security vulnerabilities. This is becoming increasingly important as more and more software is built on top of existing free and open source software. From the perspective of software composition analysis, it then becomes increasingly important to know about vulnerable components being used. Naturally, a database of mappings of packages and their vulnerabilities is required. Below are some of the problems with existing solutions and how VulnerableCode solves these.