Tootfinder

Opt-in global Mastodon full text search. Join the index!

@adulau@infosec.exchange
2026-02-20 10:40:39

The GCVE.eu initiative will take part in hackathon.lu (14–15 April, Luxembourg), alongside core developers of GCVE-related projects. See you there to build, experiment, and collaborate!
#gcve #cve #opensource

GCVE federated model
@adulau@infosec.exchange
2026-04-03 20:52:22

For hackathon.lu, I was initially unsure what my main project would be, but I ultimately decided to focus on implementing the future GCVE BCP-10.
GCVE-BCP-10: Improved Common Platform Enumeration for GCVE
The idea is combine it with the cpe-guesser and have a registry to facilitate the interaction with the CPE values to handle vendor and product references.
#gcve

GCVE-BCP-10 : Improved Common Platform Enumeration for GCVE
GCVE-BCP-10: Improved Common Platform Enumeration for GCVE Document ID: GCVE-BCP-10 Title: Improved Common Platform Enumeration for GCVE Status: Draft Category: Best Current Practice Updates: CPE-compatible naming and match semantics Author: GCVE.eu Intended use: Platform and product identification, applicability matching, vendor management, and synonym handling in the GCVE ecosystem Abstract This document specifies an improved platform enumeration format for GCVE. The format is intentionally…

@adulau@infosec.exchange
2026-02-04 21:53:40

GCVE will be at hackathon.lu - April 14th and 15th, 2026
So if you want to work on all the cool stuff around vulnerability management, federated publication of vulnerability information, analytics, and anything related to vulnerabilities, join us.
#gcve #opensource

GCVE will be at hackathon.lu - April 14th and 15th, 2026
This 2-day, in-person hackathon, held in Luxembourg on April 14–15, 2026 (09:00–17:00), combines a hands-on open-source hackathon with an integrated public conference morning on April 14 (09:00–12:00). The event focuses on the development of free and open-source software for cybersecurity and related domains. GCVE.eu will be there, so if you want to work on all the cool stuff around vulnerability management, federated publication of vulnerability information, analytics, and anything rela…

@adulau@infosec.exchange
2026-02-07 08:07:19

Following a great question from CERT.PL about GCVE KEV assertion format and especially about the confidence level for an evidence of a vulnerability assertion.
We made a first table of confidence level for the evidence in the KEV record format.
#kev #gcve

| Confidence | Label | Meaning (confidence in this evidence item) | Typical exploitation evidence examples | |-----------:|------------------|---------------------------------------------|----------------------------------------| | 0.0 | None | No usable evidence or placeholder only | Empty claim; unresolved rumor with no traceability | | 0.1 | Extremely low | U…