Ignore closed source vulnerabilities #304

Open
sbs2001 opened this issue Dec 30, 2020 · 2 comments

@sbs2001
Collaborator

sbs2001 commented Dec 30, 2020

More != Better

We don't care about vulnerabilities in windows.

https://git.launchpad.net/ubuntu-cve-tracker/tree/ignored/not-for-us.txt is a good start.

@pombredanne
Collaborator

@sbs2001 agreed at some level, but we want to be careful as proprietary software vulnerabilities may be at times about some FOSS packages that are bundled, so discarding it upfront may not be a good thing at all times.
https://nvd.nist.gov/vuln/detail/CVE-2020-0236 for instance may not be for Ubuntu ... Yet it may be for us? TBD

@armijnhemel
Contributor

> More != Better
>
> We don't care about vulnerabilities in windows.

I have problems with this. First of all, equating "windows" with "not open source" is an oversimplification: there is a lot of open source used in Windows (for more than 25 years) and this is only increasing. Also, users of VulnerableCode might actually be interested in this data.
