Geeks for your information News Software & Services News v
Google launches OSV-Scanner, a new open-source vulnerability database
Google launches OSV-Scanner, a new open-source vulnerability database
harlan4096 Online
MalWare Zoo Team
*******
Posts: 16,267
Threads: 10,307
Thanks Received: 9,363 in 7,509 posts
Thanks Given: 10,345
Joined: 12 September 18
#1
Information  16 December 22, 06:31
Quote:Google has launched a new open-source tool designed to give open-source developers access to information that could help them stay on top of potential vulnerabilities that could affect their projects. The OSV-Scanner builds on top of a tool Google developed in 2021 called the OSV.dev service.

[Image: Google-launches-OSV-Scanner.jpg]

The OSV.dev service is an open-source distributed vulnerability database that conglomerates the different open-source ecosystems and vulnerabilities into a single location and in a machine-readable format. The move marked an important step as unifying open-source vulnerabilities and databases in this way had proven challenging with each using their own format. Describing the move in June last year, Google said:

“With this schema we hope to define a format that all vulnerability databases can export. A unified format means that vulnerability databases, open-source users, and security researchers can easily share tooling and consume vulnerabilities across all of open-source. This means a more complete view of vulnerabilities in open source for everyone, as well as faster detection and remediation times resulting from easier automation.”

The news OSV-Scanner tool marks the next step in this journey as it offers what Google is calling an “officially supported front end to the OSV database”. As mentioned above, the huge numbers and varieties of formats were a challenge to compile together but they are also a challenge to keep track of. This necessitates the automation of the task, which is where this new scanner tool comes in:

“The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer’s list of packages and the information in vulnerability databases.”

According to the Google blog post announcing the new OSV-scanner, the OSV.dev database is now the biggest open-source vulnerability database of its kind, containing over 38,000 advisories. This has jumped up from 15,000 advisories just a year ago.
...
Continue Reading
[-] The following 1 user says Thank You to harlan4096 for this post:
  • ismail
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
AxCrypt 3.0.0.90
AxCrypt 3.0.0.90: ...harlan4096 — 06:27
Microsoft Edge 147.0.3912.98
Version 147.0.3912...harlan4096 — 06:26
Google Chrome 147.0.7727.137/138
Google Chrome 147....harlan4096 — 06:22
Rufus 4.14
Rufus 4.14 (stable...harlan4096 — 06:19
LibreOffice 26.2.3
Berlin, 30 April 2...harlan4096 — 06:18

[-]
Birthdays
Today's Birthdays
avatar (74)divinenews
avatar (51)plajhunTat
Upcoming Birthdays
avatar (28)akiratoriyama
avatar (48)Jerrycix
avatar (40)awedoli
avatar (82)WinRARHowTo
avatar (38)owysykan
avatar (49)beautgok
avatar (39)axuben
avatar (45)talsmanthago
avatar (31)mocetor
avatar (46)piomaibhaict
avatar (51)kingbfef
avatar (38)izenesiq
avatar (45)centfootadoni
avatar (40)ihijudu
avatar (45)tiojusop
avatar (42)Damiennug
avatar (40)acoraxe
avatar (49)contjrat
avatar (41)axylisyb
avatar (44)tukrublape
avatar (41)iruqi
avatar (42)saitetib
avatar (36)ypasodiny
avatar (39)omapek
avatar (48)Geraldtuh
avatar (44)knigiJow
avatar (46)1stOnecal
avatar (50)Mirzojap
avatar (36)idilysaju
avatar (45)xclubDum
avatar (41)Stewartanilm
avatar (44)nikitaxople
avatar (40)GregoryRog
avatar (45)mediumog
avatar (40)odukoromu
avatar (46)Joanna4589
avatar (28)Honor6

[-]
Online Staff
There are no staff members currently online.

>