Experimental News Clipping Site

Tag: vulnerability tracking

  • Slashdot: How Python is Fighting Open Source’s ‘Phantom’ Dependencies Problem

    by

    Kurt Seifried
    in

    Source URL: https://developers.slashdot.org/story/25/08/11/025214/how-python-is-fighting-open-sources-phantom-dependencies-problem?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: How Python is Fighting Open Source’s ‘Phantom’ Dependencies Problem Feedly Summary: AI Summary and Description: Yes Summary: The Python Software Foundation is addressing the “phantom dependencies” issue in software packages by introducing the Software Bill-of-Materials (SBOM) through Python Enhancement Proposal 770. This initiative enhances metadata accessibility, making it easier…

  • The Register: As US vuln-tracking falters, EU enters with its own security bug database

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/05/13/eu_security_bug_database/ Source: The Register Title: As US vuln-tracking falters, EU enters with its own security bug database Feedly Summary: EUVD comes into play not a moment too soon The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles…

  • The Register: CVE fallout: The splintering of the standard vulnerability tracking system has begun

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/04/18/splintering_cve_bug_tracking/ Source: The Register Title: CVE fallout: The splintering of the standard vulnerability tracking system has begun Feedly Summary: MITRE, EUVD, GCVE … WTF? Comment The splintering of the global system for identifying and tracking security bugs in technology products has begun.… AI Summary and Description: Yes Summary: The text discusses the fragmentation…

  • Wired: ‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program

    by

    Kurt Seifried
    in

    Source URL: https://www.wired.com/story/cve-program-cisa-funding-chaos/ Source: Wired Title: ‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program Feedly Summary: The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it. AI Summary and Description: Yes Summary: The…

  • Slashdot: Cybersecurity World On Edge As CVE Program Prepares To Go Dark

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/04/16/0050230/cybersecurity-world-on-edge-as-cve-program-prepares-to-go-dark?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Cybersecurity World On Edge As CVE Program Prepares To Go Dark Feedly Summary: AI Summary and Description: Yes Summary: The potential expiration of MITRE’s DHS contract on April 16, 2025, threatens the continuity of the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs, which are crucial…

  • The Register: CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/27/crushftp_cve/ Source: The Register Title: CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug Feedly Summary: Screenshot shows company head unhappy, claiming ‘real CVE is pending’ CrushFTP’s CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer…

  • Anchore: How Syft Scans Software to Generate SBOMs

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/how-syft-scans-software-to-generate-sboms/ Source: Anchore Title: How Syft Scans Software to Generate SBOMs Feedly Summary: Syft is an open source CLI tool and Go library that generates a Software Bill of Materials (SBOM) from source code, container images and packaged binaries. It is a foundational building block for various use-cases: from vulnerability scanning with tools…

  • Anchore: Going All In: Anchore at SBOM Plugfest 2024

    by

    system automation
    in

    Source URL: https://anchore.com/blog/going-all-in-anchore-at-sbom-plugfest-2024/ Source: Anchore Title: Going All In: Anchore at SBOM Plugfest 2024 Feedly Summary: When we were invited to participate in Carnegie Mellon University’s Software Engineering Institute (SEI) SBOM Harmonization Plugfest 2024, we saw an opportunity to contribute to SBOM generation standardization efforts and thoroughly exercise our open-source SBOM generator, Syft.  While the…