Date: 2021-06-30



The open source vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing systems, which may be a suitable format for future data exports.

Google continues to give open source developers more tools to improve software security, this time with a machine-friendly way to describe vulnerability information: the Open Source Vulnerability (OSV) schema. The company said it is updating the schema this week.

The OSV schema aims to accurately describe vulnerabilities in a way tailored to open source use cases, “to automate and improve vulnerability triage for open source software developers and users,” Google said in a blog post published on June 24th. The project will allow various developer tools to handle vulnerability information natively, making it easier for users of open source components to know if a particular vulnerability affects their application.

Abhishek Arya, Principal Engineer of Google’s Open Source Security Group, aims to reduce the effort required to document vulnerabilities in open source projects and facilitate problem tracking.

“The effort to publish a vulnerability in schema format is zero or minimal, and real open source developers need to do a minimum of work,” says Arya. “Our ideal workflow is for the OS developer to commit in the repository and use the metadata. All automated systems get it and notify the consumer.”

The OSV schema is Google’s latest effort to make it easier and more efficient to secure open source software. In early June, the company released a cloud application that allows developers to explore dependency graphs for various open source projects. A visualization site called Open Source Insights allows anyone to see software libraries and other open source components.

In November, the company also announced with the Open Source Security Foundation (OpenSSF) a project called the Open Source Project Security Scorecard, which evaluates projects based on a set of security metrics.

“A unified format means that vulnerability databases, open source users, and security researchers can easily share tools and consume vulnerabilities across all open sources,” members of Google’s open source security team and the Go development team said in an OSV blog post. “This means that everyone has a more complete picture of open source vulnerabilities, which makes it easier to automate and reduces detection and repair time.”

Google released the original version of the schema in February, based on the database schema that the Rust team used for the vulnerability database. The Rust Foundation had already created a machine-readable format as part of the RustSec advisory database maintained by the Rust SecureCode Working Group.

The latest version, released this month, also includes support for Go, Python, and the vulnerability database used in the Distributed Weakness Filing (DWF) system, an open source project aimed at recreating and extending the Common Vulnerabilities and Exposures (CVE) project.

The CVE project validates software security issues and assigns them vulnerability identifiers, but in 2016 and 2017 there was a huge backlog due to operational issues. MITRE, a non-profit government R&D organization that oversees the CVE process, has reorganized the review process to bring in more than 100 companies and groups as CVE Numbering Authorities.

Arya says the OSV schema's focus on automation, which is meant to make vulnerability information easier to process, distinguishes it from the common CVE framework.

“Obtaining a CVE identifier is often time consuming and labor intensive, so having this simple schema focused on automation is very helpful,” he says. “Therefore, you can focus on when the problem occurred and when it was fixed. Anyone can commit those patches in terms of commit hash or version.”

MITRE did not provide information on whether the CVE project would support the OSV schema format or work with Google. “We’re always looking for new ideas from the vulnerability management community,” a MITRE spokeswoman said in an email.

After a few iterations, the OSV schema has been used as a format for exporting data from the Go, Rust, Python, OSS-Fuzz, and DWF vulnerability and advisory databases. In addition, Google has built an automated tool for managing vulnerability databases that use the schema. This includes accurate matching to open source repositories and generation of additional data such as affected versions without human intervention.

The company said it used the tool to create a Python advisory database for the community.
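To make the "when it was introduced, when it was fixed" idea concrete, here is an added example (not code from the article, Google, or the OSV project) that checks whether an installed package version falls inside a record's affected ranges. The field names follow the OSV schema as later published, which is an assumption relative to this article; the record ID, package name, and versions are constructed, and version ordering is simplified to dotted integers.

```python
import json

# Constructed sample record. Field layout follows the published OSV schema
# (assumption); the ID, package name and versions are made up.
SAMPLE_RECORD = json.loads("""
{
  "id": "EXAMPLE-2021-0001",
  "affected": [{
    "package": {"ecosystem": "PyPI", "name": "examplepkg"},
    "ranges": [{"type": "ECOSYSTEM", "events": [
      {"introduced": "0"}, {"fixed": "1.2.5"},
      {"introduced": "2.0.0"}, {"fixed": "2.1.1"}
    ]}]
  }]
}
""")

def parse_version(text):
    """Simplified ordering: dotted integers only (assumption; real
    ecosystems also have pre-release tags, epochs and so on)."""
    return tuple(int(part) for part in text.split("."))

def range_affects(events, version):
    """Walk introduced/fixed events in version order and track whether
    `version` currently sits inside a vulnerable interval."""
    v = parse_version(version)
    ordered = sorted(events, key=lambda e: parse_version(next(iter(e.values()))))
    affected = False
    for event in ordered:
        if "introduced" in event and v >= parse_version(event["introduced"]):
            affected = True   # at or past the point where the bug appeared
        elif "fixed" in event and v >= parse_version(event["fixed"]):
            affected = False  # at or past a fix, until re-introduced
    return affected

def is_affected(record, ecosystem, name, version):
    """True if (ecosystem, name, version) matches any version range."""
    for entry in record.get("affected", []):
        pkg = entry.get("package", {})
        if (pkg.get("ecosystem"), pkg.get("name")) != (ecosystem, name):
            continue
        for rng in entry.get("ranges", []):
            # GIT ranges hold commit hashes and need repository history.
            if rng.get("type") != "GIT" and range_affects(rng["events"], version):
                return True
    return False
```

A dependency scanner would run `is_affected` for every entry in a lockfile against every record in a database export; a version string the simplified parser cannot handle raises `ValueError` rather than silently reporting "not affected".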


Sources: 1/ https://Google.com/ 2/ https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/google-updates-vulnerability-data-format-to-support-automation/d/d-id/1341437
