Tootfinder

@adulau@infosec.exchange
2026-02-07 08:07:19

Following a great question from CERT.PL about GCVE KEV assertion format and especially about the confidence level for an evidence of a vulnerability assertion.
We made a first table of confidence level for the evidence in the KEV record format.
#kev #gcve

| Confidence | Label | Meaning (confidence in this evidence item) | Typical exploitation evidence examples |
|-----------:|------------------|---------------------------------------------|----------------------------------------|
| 0.0 | None | No usable evidence or placeholder only | Empty claim; unresolved rumor with no traceability |
| 0.1 | Extremely low | U…

@adulau@infosec.exchange
2026-01-31 08:52:27

GCVE-BCP-08 - GCVE GNA Directory File
Following some good pre-discussion at #fosdem - a first draft of the directory file specification has been updated. The goal is clarify some of the fields. Feedback is more than welcome.
@…@…

GCVE-BCP-08 - GCVE GNA Directory File (draft)
Following various discussions and the meeting at FOSDEM, we will create the GCVE-BCP-08 describing the directory JSON format. GCVE-BCP-08 - GCVE GNA Directory File Status of This Document This document defines GCVE-BCP-08, which specifies the structure and semantics of the GCVE GNA Directory File. This file gcve.json enumerates known GCVE Numbering Authorities (GNAs) and associated metadata used by the GCVE ecosystem. Scope The GCVE GNA Directory File is a JSON document containing an array…

Tootfinder

Opt-in global Mastodon full text search. Join the index!