Google Proposes An Open-Source Vulnerability Interchange Schema
Written by Michael Larabel in Linux Security on 24 June 2021 at 09:15 AM EDT. 5 Comments
LINUX SECURITY --
As part of Google's latest work on trying to enhance open-source software security, months after starting their own open-source vulnerability database they are now looking to push an open-source vulnerability interchange schema to make it easier to exchange information on vulnerabilities and making it easier for automated analysis.

Google hopes this will be adopted as a unified vulnerability schema used by open-source projects for relaying details about vulnerabilities. In large part the emphasis on this schema is to make it easier for automated analysis and processing while the JSON-based format can be converted into human-friendly output as well with ease.


Here's a look at the design in its near-finalized state.


Google has been working with projects like Go, Rust, Python, and their own OSS-Fuzz for supporting this schema as they work towards finalizing it.

More details on Google's open-source vulnerability schema can be found via the Google Security blog.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter or contacted via MichaelLarabel.com.

Popular News This Week