We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Building the world’s first free open source database of FOSS and their vulnerabilities.

2
 Cite
 Share
 Download
 Purchase
Logo of FOSDEM VZWFOSDEM VZW
 Sandbhor, Shivam

Formal Metadata

Title
Building the world’s first free open source database of FOSS and their vulnerabilities.
Subtitle
Learn why and how we are building VulnerableCode, a free and open source database of FOSS components and their vulnerabilities.
Title of Series
Number of Parts
637
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
VulnerableCode is a free and open source database of vulnerabilities and the FOSS packages they impact. It is made by the FOSS community to improve the security of the open source software ecosystem. It’s design solves various pre-existing problems like licensing, data complexity and usability. Using software with known vulnerabilities is one of OWASP’s Top 10 security vulnerabilities . This is increasingly becoming more important as more and more software is built on top of existing free and open source software. From the perspective of software composition analysis, it then becomes increasingly important to know about vulnerable components being used. Naturally a database of mappings of packages and their vulnerabilities is required. Below are some of the problems with existing solutions and how VulnerableCode solves these.