Re: faster tracker data processing

To: Raphael Geissert <geissert@debian.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: faster tracker data processing
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 02 Oct 2009 10:56:55 +0000
Message-id: <[🔎] 87ske212tk.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] ha1cb8$5kp$1@ger.gmane.org> (Raphael Geissert's message of "Wed, 30 Sep 2009 23:49:54 -0500")
References: <[🔎] ha1cb8$5kp$1@ger.gmane.org>

* Raphael Geissert:

> If that's not desirable, maybe a concept of "HINT"s could be introduced,
> where the script that updates the CVE/list file from the CVE db
> automatically adds HINTs of possibly affected packages based on the
> embedded-code-copies files, the technique used by the check-new-issues
> (apt-cache search), and a simple file that could be used to associate full
> project names with a package name (say "Alvaro's Messenger" with "amsn").

NVD does some of that already.  For an example, see "Vulnerable
software and versions" under:

<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1895>

There are quite a few CPE names already: <http://nvd.nist.gov/cpe.cfm>

If that data is reasonably current (it's also available over XML), we
could generate (PTS) alerts based on that.  The advantage is that CPE
is normalized, while CVE descriptions aren't (I tried to build a Naive
Bayesian classifier once, but it did not work that well).

Reply to:

Follow-Ups:
- Re: faster tracker data processing
  - From: Raphael Geissert <geissert@debian.org>

References:
- faster tracker data processing
  - From: Raphael Geissert <geissert@debian.org>

Prev by Date: Re: faster tracker data processing
Next by Date: Re: faster tracker data processing
Previous by thread: Re: faster tracker data processing
Next by thread: Re: faster tracker data processing
Index(es):
- Date
- Thread