Hi,
it is my feeling that more and more CVEs do not include CPEs any more. Currently I had to handle CVE-2024-6119 (OpenSSL) and CVE-2024-34702 and another one of the crypto library Botan by hand.
I asked the Botan maintainer about this and he told me that those CVEs were created by GitHub, which does not support CPEs yet and has no concrete plan to support them in the future. The Botan maintainer is willing to switch back to MITRE, which, he claims, is much harder to use.
Is this only my perception, or am I right about more and more missing CPEs?
Which alternatives does Dependency-Track have to handle this situation?