Matt "msw" Wilson on Nostr: One of the "unique challenges" for vulnerability management in open-source intensive ...
One of the "unique challenges" for vulnerability management in open-source intensive software systems is that CVEs are allocated for weaknesses present only in source code.
Those weaknesses may not be present in a given deployable application, and often aren't.
#CVE #InfoSec #Linux #CyberSecurity #OpenSource #SBOM
Published at 2024-03-14 18:39:29