From c62d191ddc115b0fec7e8f6d86da1bd9f789b337 Mon Sep 17 00:00:00 2001 From: Brendan McDevitt Date: Wed, 4 May 2022 12:45:15 -0500 Subject: [PATCH] added a cna_readme_notes with some documents about how each cna records their security advisories --- lib/cna_readme_notes/cnas_with_apis.md | 1 + lib/cna_readme_notes/cnas_with_html_advisories.md | 10 ++++++++++ lib/cna_readme_notes/cnas_with_no_advisories.md | 3 +++ .../cnas_with_other_format_advisories.md | 5 +++++ 4 files changed, 19 insertions(+) create mode 100644 lib/cna_readme_notes/cnas_with_apis.md create mode 100644 lib/cna_readme_notes/cnas_with_html_advisories.md create mode 100644 lib/cna_readme_notes/cnas_with_no_advisories.md create mode 100644 lib/cna_readme_notes/cnas_with_other_format_advisories.md diff --git a/lib/cna_readme_notes/cnas_with_apis.md b/lib/cna_readme_notes/cnas_with_apis.md new file mode 100644 index 0000000..5b3f724 --- /dev/null +++ b/lib/cna_readme_notes/cnas_with_apis.md @@ -0,0 +1 @@ +# CNAs with APIs \ No newline at end of file diff --git a/lib/cna_readme_notes/cnas_with_html_advisories.md b/lib/cna_readme_notes/cnas_with_html_advisories.md new file mode 100644 index 0000000..c648752 --- /dev/null +++ b/lib/cna_readme_notes/cnas_with_html_advisories.md @@ -0,0 +1,10 @@ +# CNAs with HTML advisories +- Adobe Systems Incorporated:https://helpx.adobe.com/security/alertus.html +- AMD:https://www.amd.com/en/corporate/product-security +- Ampere:https://amperecomputing.com/products/product-security.html +- Android:https://source.android.com/security/bulletin +- Apple Inc.: https://support.apple.com/en-us/HT201222 +- Arista Networks:https://www.arista.com/en/support/advisories-notices - offers a subscribe with RSS button to get an index of advisories at least. +- Atlassian:https://www.atlassian.com/trust/security/advisories - the page listed in the CNAList.json for this org is the advisory policy document and not the list of advisories. The link provided in this document is the correct link for security advisories. +- Autodesk:https://www.autodesk.com/trust/security-advisories +- Avaya, Inc.:https://support.avaya.com/security \ No newline at end of file diff --git a/lib/cna_readme_notes/cnas_with_no_advisories.md b/lib/cna_readme_notes/cnas_with_no_advisories.md new file mode 100644 index 0000000..9695754 --- /dev/null +++ b/lib/cna_readme_notes/cnas_with_no_advisories.md @@ -0,0 +1,3 @@ +# CNAs with no advisories +- Alibaba, Inc.: https://github.com/alibaba - cant find a repo or anything on their github that shows vendor advisories + diff --git a/lib/cna_readme_notes/cnas_with_other_format_advisories.md b/lib/cna_readme_notes/cnas_with_other_format_advisories.md new file mode 100644 index 0000000..4c93fd9 --- /dev/null +++ b/lib/cna_readme_notes/cnas_with_other_format_advisories.md @@ -0,0 +1,5 @@ +# CNAs with other formats +- airbus: https://airbus-seclab.github.io/ - this seems to link to pdfs that have the juicy bits about the vulnerability. +- Alias Robotics S.L: https://github.com/aliasrobotics/RVD/issues - they use github issues to track open vulnerabilities. +- Apache Software Foundation: https://www.openwall.com/lists/oss-security/ - a mailing list but they also have https://www.apache.org/security/projects.html which links back to individual projects which may or may not have their own advisories/format for how they list, depending on the project. +- Asea Brown Boveri Ltd. (ABB): https://global.abb/group/en/technology/cyber-security/alerts-and-notifications - pdf for each advisory. \ No newline at end of file