Re: [Development] Monitoring of upstream vulnerabilities

2018-06-20 Thread Eike Ziller
> On 19. Jun 2018, at 23:15, Jason H wrote: > > > >> Sent: Tuesday, June 19, 2018 at 4:50 PM >> From: "Thiago Macieira" >> To: development@qt-project.org >> Subject: Re: [Development] Monitoring of upstream vulnerabilities >> >

Re: [Development] Monitoring of upstream vulnerabilities

2018-06-19 Thread Thiago Macieira
On Tuesday, 19 June 2018 14:22:56 PDT Bernhard B wrote: > On a side note: Do you know an estimated timeframe for when it will be > publicly available? > Would be really interested in the details. I didn't know it existed until this morning, so no. And, of course, we began discussing the logo the

Re: [Development] Monitoring of upstream vulnerabilities

2018-06-19 Thread Bernhard B
> > Because I didn't realise the tool wasn't public. I saw github and thought > it > was. Sorry about that. > > Well, CVEMAN will be made public some time, hopefully. It's still in > development. For now, the other tool works. > Many thanks for the clarification! On a side note: Do you know an es

Re: [Development] Monitoring of upstream vulnerabilities

2018-06-19 Thread Jason H
> Sent: Tuesday, June 19, 2018 at 4:50 PM > From: "Thiago Macieira" > To: development@qt-project.org > Subject: Re: [Development] Monitoring of upstream vulnerabilities > > On Tuesday, 19 June 2018 13:15:18 PDT Jason H wrote: > > > Currently, we use https:/

Re: [Development] Monitoring of upstream vulnerabilities

2018-06-19 Thread Thiago Macieira
On Tuesday, 19 June 2018 14:04:45 PDT Bernhard B wrote: > Sorry, I don't get it. But what's the point of providing a link to the > Intel github repo if we can't access it? Because I didn't realise the tool wasn't public. I saw github and thought it was. Sorry about that. Well, CVEMAN will be made

Re: [Development] Monitoring of upstream vulnerabilities

2018-06-19 Thread Bernhard B
Sorry, I don't get it. But what's the point of providing a link to the Intel github repo if we can't access it? On Tuesday, 19 June 2018, Thiago Macieira wrote: > On Tuesday, 19 June 2018 13:15:18 PDT Jason H wrote: > > > Currently, we use https://github.com/clearlinux/cve-check-tool. This > i

Re: [Development] Monitoring of upstream vulnerabilities

2018-06-19 Thread Thiago Macieira
On Tuesday, 19 June 2018 13:15:18 PDT Jason H wrote: > > Currently, we use https://github.com/clearlinux/cve-check-tool. This is > > going to be replaced with CVEMAN - > > https://github.intel.com/kcwells/cveman. Both tools consume the feed from > > the National Vulnerability Database from the US N

Re: [Development] Monitoring of upstream vulnerabilities

2018-06-19 Thread Jason H
> Sent: Tuesday, June 19, 2018 at 3:46 PM > From: "Thiago Macieira" > To: development@qt-project.org > Subject: [Development] Monitoring of upstream vulnerabilities > > As part of the discussion on 3rdparty and security at QtCS, I took an action > to look int

[Development] Monitoring of upstream vulnerabilities

2018-06-19 Thread Thiago Macieira
As part of the discussion on 3rdparty and security at QtCS, I took an action to look into what we use in Clear Linux to monitor for reported vulnerabilities. Currently, we use https://github.com/clearlinux/cve-check-tool. This is going to be replaced with CVEMAN - https://github.intel.com/kcwel