Tootfinder

Opt-in global Mastodon full text search. Join the index!

@adulau@infosec.exchange
2026-02-20 10:40:39

The GCVE.eu initiative will take part in hackathon.lu (14–15 April, Luxembourg), alongside core developers of GCVE-related projects. See you there to build, experiment, and collaborate!
#gcve #cve #opensource

GCVE federated model
@adulau@infosec.exchange
2025-12-06 16:10:40

We’ve updated the draft GCVE BCP-05 standard to introduce flexible record types, making it easier to extend, enrich, and structure security advisories.
Comments are more than welcome!
#gcve #cve #vulnerability

GCVE BCP-05 drafting - Best practices for the "container" format - modified CVE Record Format
Thanks @claudex . This is an excellent point and would also improve the ability to parse GCVE records reliably. Below is a proposal for a record_type field that would serve as a key within each GCVE record. Feel free to comment. @cedric I incorporated the idea concerning the sync of the comment (not sure if the most efficient way). Proposed update to BCP-05 (following the online workshop of 6th December in Belgium) The record_type field defines the semantic category of the content submitted by…

@adulau@infosec.exchange
2026-02-04 21:53:40

GCVE will be at hackathon.lu - April 14th and 15th, 2026
So if you want to work on all the cool stuff around vulnerability management, federated publication of vulnerability information, analytics, and anything related to vulnerabilities, join us.
#gcve #opensource

GCVE will be at hackathon.lu - April 14th and 15th, 2026
This 2-day, in-person hackathon, held in Luxembourg on April 14–15, 2026 (09:00–17:00), combines a hands-on open-source hackathon with an integrated public conference morning on April 14 (09:00–12:00). The event focuses on the development of free and open-source software for cybersecurity and related domains. GCVE.eu will be there, so if you want to work on all the cool stuff around vulnerability management, federated publication of vulnerability information, analytics, and anything rela…

@adulau@infosec.exchange
2026-02-07 08:07:19

Following a great question from CERT.PL about GCVE KEV assertion format and especially about the confidence level for an evidence of a vulnerability assertion.
We made a first table of confidence level for the evidence in the KEV record format.
#kev #gcve

| Confidence | Label | Meaning (confidence in this evidence item) | Typical exploitation evidence examples | |-----------:|------------------|---------------------------------------------|----------------------------------------| | 0.0 | None | No usable evidence or placeholder only | Empty claim; unresolved rumor with no traceability | | 0.1 | Extremely low | U…