bpmcdevitt/data_importer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added a cna_readme_notes with some documents about how each cna records their security advisories

Browse source
This commit is contained in:
Brendan McDevitt 2022-05-04 12:45:15 -05:00
parent 5899e5c14d
commit c62d191ddc
4 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
lib/cna_readme_notes/cnas_with_apis.md Normal file
View file

@ -0,0 +1 @@
# CNAs with APIs

10
lib/cna_readme_notes/cnas_with_html_advisories.md Normal file
View file

@ -0,0 +1,10 @@
# CNAs with HTML advisories
- Adobe Systems Incorporated:https://helpx.adobe.com/security/alertus.html
- AMD:https://www.amd.com/en/corporate/product-security
- Ampere:https://amperecomputing.com/products/product-security.html
- Android:https://source.android.com/security/bulletin
- Apple Inc.: https://support.apple.com/en-us/HT201222
- Arista Networks:https://www.arista.com/en/support/advisories-notices - offers a subscribe with RSS button to get an index of advisories at least.
- Atlassian:https://www.atlassian.com/trust/security/advisories - the page listed in the CNAList.json for this org is the advisory policy document and not the list of advisories. The link provided in this document is the correct link for security advisories.
- Autodesk:https://www.autodesk.com/trust/security-advisories
- Avaya, Inc.:https://support.avaya.com/security

3
lib/cna_readme_notes/cnas_with_no_advisories.md Normal file
View file

@ -0,0 +1,3 @@
# CNAs with no advisories
- Alibaba, Inc.: https://github.com/alibaba - cant find a repo or anything on their github that shows vendor advisories

5
lib/cna_readme_notes/cnas_with_other_format_advisories.md Normal file
View file

@ -0,0 +1,5 @@
# CNAs with other formats
- airbus: https://airbus-seclab.github.io/ - this seems to link to pdfs that have the juicy bits about the vulnerability.
- Alias Robotics S.L: https://github.com/aliasrobotics/RVD/issues - they use github issues to track open vulnerabilities.
- Apache Software Foundation: https://www.openwall.com/lists/oss-security/ - a mailing list but they also have https://www.apache.org/security/projects.html which links back to individual projects which may or may not have their own advisories/format for how they list, depending on the project.
- Asea Brown Boveri Ltd. (ABB): https://global.abb/group/en/technology/cyber-security/alerts-and-notifications - pdf for each advisory.