Tootfinder

Vulnerability Lookup and GCVE: A Decentralized Approach to Vulnerability Publishing and Management Workshop at Hack.lu 2025
We published all the materials from the workshop given at #hacklu 2025
#gcve

We’ve updated the draft GCVE BCP-05 standard to introduce flexible record types, making it easier to extend, enrich, and structure security advisories.
Comments are more than welcome!
#gcve #cve #vulnerability

GCVE BCP-05 drafting - Best practices for the "container" format - modified CVE Record Format
Thanks @claudex . This is an excellent point and would also improve the ability to parse GCVE records reliably. Below is a proposal for a record_type field that would serve as a key within each GCVE record. Feel free to comment. @cedric I incorporated the idea concerning the sync of the comment (not sure if the most efficient way). Proposed update to BCP-05 (following the online workshop of 6th December in Belgium) The record_type field defines the semantic category of the content submitted by…

Good example why open sources projects should self-publish or even counter-publish as a GNA in @…
Distributed publishing is not weakening the security advisory publication but it’s providing additional valuable sources.
#gcve