Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Google Proposes An Open-Source Vulnerability Interchange Schema

Written by Michael Larabel in Linux Security on 24 June 2021 at 09:15 AM EDT. 5 Comments

LINUX SECURITY

As part of Google's latest work on trying to enhance open-source software security, months after starting their own open-source vulnerability database they are now looking to push an open-source vulnerability interchange schema to make it easier to exchange information on vulnerabilities and making it easier for automated analysis.

Google hopes this will be adopted as a unified vulnerability schema used by open-source projects for relaying details about vulnerabilities. In large part the emphasis on this schema is to make it easier for automated analysis and processing while the JSON-based format can be converted into human-friendly output as well with ease.

Here's a look at the design in its near-finalized state.

Google has been working with projects like Go, Rust, Python, and their own OSS-Fuzz for supporting this schema as they work towards finalizing it.

More details on Google's open-source vulnerability schema can be found via the Google Security blog.

5 Comments

Related News

Red Hat Working On Delayed Module Signature Verification To Speed-Up Linux Boot Times

SELinux In Linux 6.6 Removes References To Its Origins At The US NSA

Linux 6.6 Adding Randomized Kmalloc Caches For Further System Hardening

Linux 6.5 Patches Merged For Intel GDS/DOWNFALL, AMD INCEPTION

Linux 6.1 To 6.5 Git Quietly Patched For "StackRot" Privilege Escalation Vulnerability

Microsoft Aims For Greater Script Execution Control On Linux

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Valve Is A Wonderful Upstream Contributor To Linux & The Open-Source Community

Linux Terminal Emulators Have The Potential Of Being Much Faster

PipeWire 1.0 Planned For Release Later This Year

Linux's Multi-Grain Timestamps Short-Lived: Removed From The Kernel After A Few Weeks

Linux 6.7 Adding New Feature To Btrfs For The Steam Deck

Blumenkrantz Optimizes Mesa Vulkan Submission Merging - Some Test Cases Improve 1000%+

Firefox 118 Available With Performance Improvements, Automated Translations

Reminder: The 2023 Phoronix Premium Oktoberfest/Autumn Special