How Do You Spell Control? Maybe Google?
The lack of a standardized format has made it difficult to manage vulnerabilities in open-source software. Now, SiliconAngle reports, “Google Announces Unified Schema to Make Sharing Vulnerabilities Easier.” Writer Duncan Riley explains:
“Google LLC today announced a unified schema for describing vulnerabilities precisely to make it easier to share vulnerabilities between databases. The idea behind the unified schema is to address an issue with existing vulnerability databases where various ecosystems and organizations create their own data. As each uses its own format to describe vulnerabilities, a client tracking vulnerabilities across multiple databases must handle each separately. Because of the lack of a common standard, sharing vulnerabilities among databases is challenging. The new unified schema for describing vulnerabilities has been designed by the Google Open Source Security Team, Go Team and the broader open-source community and has been designed from the beginning for open-source ecosystems. The unified format will allow vulnerability databases, open-source users and security researchers to share tooling and consume vulnerabilities more easily across open source, providing a complete view of vulnerabilities in open source.”