diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..c779253
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "tools/cvelist"]
+ path = tools/cvelist
+ url = https://github.com/CVEProject/cvelist
diff --git a/tools/cve_cna_security_advisories/cna_count_for_all_cves.json b/tools/cve_cna_security_advisories/cna_count_for_all_cves.json
new file mode 100644
index 0000000..ee92813
--- /dev/null
+++ b/tools/cve_cna_security_advisories/cna_count_for_all_cves.json
@@ -0,0 +1,774 @@ +[ + { + "cna": "cve@mitre.org", + "count": 144427 + }, + { + "cna": "secalert@redhat.com", + "count": 9077 + }, + { + "cna": "secure@microsoft.com", + "count": 7405 + }, + { + "cna": "secalert_us@oracle.com", + "count": 7012 + }, + { + "cna": "psirt@cisco.com", + "count": 4889 + }, + { + "cna": "psirt@us.ibm.com", + "count": 4687 + }, + { + "cna": "product-security@apple.com", + "count": 4353 + }, + { + "cna": "psirt@adobe.com", + "count": 4105 + }, + { + "cna": "security@android.com", + "count": 3178 + }, + { + "cna": "cert@cert.org", + "count": 2831 + }, + { + "cna": "ics-cert@hq.dhs.gov", + "count": 2015 + }, + { + "cna": "vultures@jpcert.or.jp", + "count": 1920 + }, + { + "cna": "product-security@qualcomm.com", + "count": 1890 + }, + { + "cna": "security-advisories@github.com", + "count": 1819 + }, + { + "cna": "security@google.com", + "count": 1747 + }, + { + "cna": "security@mozilla.org", + "count": 1411 + }, + { + "cna": "talos-cna@cisco.com", + "count": 1243 + }, + { + "cna": "psirt@huawei.com", + "count": 1168 + }, + { + "cna": "zdi-disclosures@trendmicro.com", + "count": 1104 + }, + { + "cna": "support@hackerone.com", + "count": 1040 + }, + { + "cna": "contact@wpscan.com", + "count": 957 + }, + { + "cna": "secure@intel.com", + "count": 945 + }, + { + "cna": "security@apache.org", + "count": 843 + }, + { + "cna": "jenkinsci-cert@googlegroups.com", + "count": 742 + }, + { + "cna": "chrome-cve-admin@google.com", + "count": 729 + }, + { + "cna": "security-alert@hpe.com", + "count": 728 + }, + { + "cna": "hp-security-alert@hp.com", + "count": 721 + }, + { + "cna": "cna@sap.com", + "count": 700 + }, + { + "cna": "security_alert@emc.com", + "count": 668 + }, + { + "cna": "productcert@siemens.com", + "count": 662 + }, + { + "cna": "security@debian.org", + "count": 631 + }, + { + "cna": "PSIRT-CNA@flexerasoftware.com", + "count": 488 + }, + { + "cna": "report@snyk.io", + "count": 469 + }, + { + "cna": "f5sirt@f5.com", + "count": 467 + }, + { + 
"cna": "sirt@juniper.net", + "count": 461 + }, + { + "cna": "cybersecurity@schneider-electric.com", + "count": 453 + }, + { + "cna": "security@microfocus.com", + "count": 404 + }, + { + "cna": "security@huntr.dev", + "count": 379 + }, + { + "cna": "psirt@nvidia.com", + "count": 367 + }, + { + "cna": "vulnreport@tenable.com", + "count": 355 + }, + { + "cna": "secure@dell.com", + "count": 340 + }, + { + "cna": "security@atlassian.com", + "count": 326 + }, + { + "cna": "cve@gitlab.com", + "count": 316 + }, + { + "cna": "security@ubuntu.com", + "count": 294 + }, + { + "cna": "security@trendmicro.com", + "count": 293 + }, + { + "cna": "security@vmware.com", + "count": 285 + }, + { + "cna": "psirt@fortinet.com", + "count": 283 + }, + { + "cna": "secure@symantec.com", + "count": 271 + }, + { + "cna": "cve@cert.org.tw", + "count": 260 + }, + { + "cna": "psirt@mcafee.com", + "count": 245 + }, + { + "cna": "mobile.security@samsung.com", + "count": 242 + }, + { + "cna": "psirt@lenovo.com", + "count": 197 + }, + { + "cna": "security@wordfence.com", + "count": 178 + }, + { + "cna": "psirt@paloaltonetworks.com", + "count": 160 + }, + { + "cna": "security@synology.com", + "count": 158 + }, + { + "cna": "cve-assign@distributedweaknessfiling.org", + "count": 157 + }, + { + "cna": "security@qnap.com", + "count": 150 + }, + { + "cna": "vuln@krcert.or.kr", + "count": 135 + }, + { + "cna": "vulnerability@kaspersky.com", + "count": 126 + }, + { + "cna": "secteam@freebsd.org", + "count": 123 + }, + { + "cna": "security@tibco.com", + "count": 120 + }, + { + "cna": "cve@rapid7.com", + "count": 119 + }, + { + "cna": "cve-assign@fb.com", + "count": 116 + }, + { + "cna": "info@cert.vde.com", + "count": 115 + }, + { + "cna": "vulnerabilitylab@whitesourcesoftware.com", + "count": 114 + }, + { + "cna": "psirt@zte.com.cn", + "count": 94 + }, + { + "cna": "security@eclipse.org", + "count": 93 + }, + { + "cna": "security@elastic.co", + "count": 91 + }, + { + "cna": "security@suse.com", + "count": 
87 + }, + { + "cna": "security-alert@netapp.com", + "count": 86 + }, + { + "cna": "cve@checkpoint.com", + "count": 71 + }, + { + "cna": "cybersecurity@ch.abb.com", + "count": 70 + }, + { + "cna": "PSIRT@sonicwall.com", + "count": 68 + }, + { + "cna": "sirt@brocade.com", + "count": 67 + }, + { + "cna": "psirt@amd.com", + "count": 66 + }, + { + "cna": "larry0@me.com", + "count": 66 + }, + { + "cna": "psirt@hcl.com", + "count": 63 + }, + { + "cna": "vuln@ca.com", + "count": 60 + }, + { + "cna": "security@pivotal.io", + "count": 58 + }, + { + "cna": "security-officer@isc.org", + "count": 54 + }, + { + "cna": "vulnerabilities@zephyrproject.org", + "count": 45 + }, + { + "cna": "security@puppet.com", + "count": 45 + }, + { + "cna": "psirt@bosch.com", + "count": 45 + }, + { + "cna": "cve-requests@bitdefender.com", + "count": 45 + }, + { + "cna": "audit@patchstack.com", + "count": 45 + }, + { + "cna": "security@drupal.org", + "count": 44 + }, + { + "cna": "psirt@autodesk.com", + "count": 44 + }, + { + "cna": "security@kubernetes.io", + "count": 41 + }, + { + "cna": "patrick@puiterwijk.org", + "count": 41 + }, + { + "cna": "security@php.net", + "count": 37 + }, + { + "cna": "cna@mongodb.com", + "count": 37 + }, + { + "cna": "security@mediatek.com", + "count": 35 + }, + { + "cna": "secure@blackberry.com", + "count": 35 + }, + { + "cna": "openssl-security@openssl.org", + "count": 35 + }, + { + "cna": "security@otrs.com", + "count": 34 + }, + { + "cna": "psirt@solarwinds.com", + "count": 34 + }, + { + "cna": "securityalerts@avaya.com", + "count": 32 + }, + { + "cna": "security@xen.org", + "count": 32 + }, + { + "cna": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "count": 32 + }, + { + "cna": "security@joomla.org", + "count": 31 + }, + { + "cna": "cve@aliasrobotics.com", + "count": 29 + }, + { + "cna": "security@jfrog.com", + "count": 24 + }, + { + "cna": "productsecurity@jci.com", + "count": 24 + }, + { + "cna": "cve-coordination@incibe.es", + "count": 24 + }, + { 
+ "cna": "security@zoom.us", + "count": 22 + }, + { + "cna": "psirt@esri.com", + "count": 22 + }, + { + "cna": "disclosures@gallagher.com", + "count": 22 + }, + { + "cna": "cve-notifications-us@f-secure.com", + "count": 22 + }, + { + "cna": "browser-security@yandex-team.ru", + "count": 21 + }, + { + "cna": "security@vaadin.com", + "count": 20 + }, + { + "cna": "security@teradici.com", + "count": 20 + }, + { + "cna": "security@xiaomi.com", + "count": 19 + }, + { + "cna": "vulnerability@ncsc.ch", + "count": 18 + }, + { + "cna": "cybersecurity@dahuatech.com", + "count": 18 + }, + { + "cna": "cve-request@iojs.org", + "count": 18 + }, + { + "cna": "security@odoo.com", + "count": 17 + }, + { + "cna": "security@documentfoundation.org", + "count": 17 + }, + { + "cna": "product-cna@github.com", + "count": 16 + }, + { + "cna": "VulnerabilityReporting@secomea.com", + "count": 16 + }, + { + "cna": "cna@cyber.gov.il", + "count": 15 + }, + { + "cna": "security@acronis.com", + "count": 14 + }, + { + "cna": "security@zyxel.com.tw", + "count": 13 + }, + { + "cna": "responsibledisclosure@mattermost.com", + "count": 13 + }, + { + "cna": "CybersecurityCOE@eaton.com", + "count": 13 + }, + { + "cna": "psirt@forcepoint.com", + "count": 12 + }, + { + "cna": "psirt@arista.com", + "count": 12 + }, + { + "cna": "vuln@vdoo.com", + "count": 11 + }, + { + "cna": "security@oppo.com", + "count": 11 + }, + { + "cna": "security-info@sgi.com", + "count": 11 + }, + { + "cna": "psirt-info@cyber.jp.nec.com", + "count": 11 + }, + { + "cna": "cve@navercorp.com", + "count": 11 + }, + { + "cna": "security@salesforce.com", + "count": 10 + }, + { + "cna": "security@openvpn.net", + "count": 10 + }, + { + "cna": "security@octopus.com", + "count": 10 + }, + { + "cna": "cybersecurity@hitachienergy.com", + "count": 10 + }, + { + "cna": "security@search-guard.com", + "count": 9 + }, + { + "cna": "security@craftersoftware.com", + "count": 9 + }, + { + "cna": "security-report@netflix.com", + "count": 9 + }, + { + 
"cna": "security-alert@sophos.com", + "count": 9 + }, + { + "cna": "cna@cloudflare.com", + "count": 9 + }, + { + "cna": "sirt@silver-peak.com", + "count": 8 + }, + { + "cna": "psirt@sick.de", + "count": 8 + }, + { + "cna": "help@fluidattacks.com", + "count": 8 + }, + { + "cna": "psirt@wdc.com", + "count": 7 + }, + { + "cna": "disclosure@synopsys.com", + "count": 7 + }, + { + "cna": "cve@usom.gov.tr", + "count": 7 + }, + { + "cna": "security@mautic.org", + "count": 6 + }, + { + "cna": "security@duo.com", + "count": 6 + }, + { + "cna": "security@360.cn", + "count": 6 + }, + { + "cna": "jordan@liggitt.net", + "count": 6 + }, + { + "cna": "infosec@edk2.groups.io", + "count": 6 + }, + { + "cna": "dl_cve@linecorp.com", + "count": 6 + }, + { + "cna": "disclose@cybersecurityworks.com", + "count": 6 + }, + { + "cna": "cert@airbus.com", + "count": 6 + }, + { + "cna": "sep@nlnetlabs.nl", + "count": 5 + }, + { + "cna": "responsible-disclosure@pingidentity.com", + "count": 5 + }, + { + "cna": "psirt@mirantis.com", + "count": 5 + }, + { + "cna": "product-security@axis.com", + "count": 5 + }, + { + "cna": "josh@bress.net", + "count": 5 + }, + { + "cna": "info@appcheck-ng.com", + "count": 5 + }, + { + "cna": "cve_disclosure@tech.gov.sg", + "count": 5 + }, + { + "cna": "security@zabbix.com", + "count": 4 + }, + { + "cna": "security@tcpdump.org", + "count": 4 + }, + { + "cna": "security@opera.com", + "count": 4 + }, + { + "cna": "security@fidelissecurity.com", + "count": 4 + }, + { + "cna": "psirt@thalesgroup.com", + "count": 4 + }, + { + "cna": "cve@zscaler.com", + "count": 4 + }, + { + "cna": "security@vivo.com", + "count": 3 + }, + { + "cna": "security@pega.com", + "count": 3 + }, + { + "cna": "security@m-files.com", + "count": 3 + }, + { + "cna": "security@eset.com", + "count": 3 + }, + { + "cna": "securities@openeuler.org", + "count": 3 + }, + { + "cna": "prodsec@nozominetworks.com", + "count": 3 + }, + { + "cna": "hsrc@hikvision.com", + "count": 3 + }, + { + "cna": 
"cybersecurity@hitachi-powergrids.com", + "count": 3 + }, + { + "cna": "cve@forums.swift.org", + "count": 3 + }, + { + "cna": "security@snowsoftware.com", + "count": 2 + }, + { + "cna": "security@netgear.com", + "count": 2 + }, + { + "cna": "product.security@lge.com", + "count": 2 + }, + { + "cna": "iletisim@usom.gov.tr", + "count": 2 + }, + { + "cna": "cybersecurity@bd.com", + "count": 2 + }, + { + "cna": "SecurityResponse@netmotionsoftware.com", + "count": 2 + }, + { + "cna": "vulnerability@cspcert.ph", + "count": 1 + }, + { + "cna": "vdisclose@cert-in.org.in", + "count": 1 + }, + { + "cna": "security@replicated.com", + "count": 1 + }, + { + "cna": "security@devolutions.net", + "count": 1 + }, + { + "cna": "security@deepsurface.com", + "count": 1 + }, + { + "cna": "secure@ea.com", + "count": 1 + }, + { + "cna": "psirt@tigera.io", + "count": 1 + }, + { + "cna": "psirt@okta.com", + "count": 1 + }, + { + "cna": "psirt@forgerock.com", + "count": 1 + }, + { + "cna": "csirt@divd.nl", + "count": 1 + }, + { + "cna": "Alibaba-CNA@list.alibaba-inc.com", + "count": 1 + } +] \ No newline at end of file diff --git a/tools/cve_cna_security_advisories/cna_count_per_cve.rb b/tools/cve_cna_security_advisories/cna_count_per_cve.rb index c48ed6c..21046b5 100755 --- a/tools/cve_cna_security_advisories/cna_count_per_cve.rb +++ b/tools/cve_cna_security_advisories/cna_count_per_cve.rb @@ -1,6 +1,7 @@ #!/usr/bin/env ruby # this will loop through each year and for each CVE-ID and count the assigners require 'json' +require 'pry' files = Dir['../cvelist/*/*/*.json'] results = files.map do |fp| 
@@ -14,4 +15,8 @@ end sorted_and_grouped_cnas = results.map { |cve_id, cna_email| cna_email}.sort.group_by(&:itself) cna_count_per_cves = sorted_and_grouped_cnas.map {|k,v| [k, v.count]}.sort_by{|a,b|b}.reverse -cna_count_per_cves.map {|cna, count| puts "CNA: #{cna}, COUNT: #{count}"} +result_count = cna_count_per_cves.map {|cna, count| {:cna => cna, :count => count}} +binding.pry +json_data = JSON.pretty_generate(result_count) + +File.write("./cna_count_for_all_cves.json", json_data) diff --git a/tools/cvelist b/tools/cvelist new file mode 160000 index 0000000..7da9cef --- /dev/null +++ b/tools/cvelist @@ -0,0 +1 @@ +Subproject commit 7da9cefaa2dd26dd0412210a31f2d04647e3af82
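Review bot: `binding.pry` is left in right before `JSON.pretty_generate`, so every run stops at an interactive Pry prompt and `cna_count_for_all_cves.json` is only written after someone exits the session; an unattended run (cron, CI) would presumably hang or fail there. The `require 'pry'` added in the first hunk of this file belongs to the same leftover and makes a debugging gem a hard runtime dependency of the script. I would drop both lines. Separately, `File.write("./cna_count_for_all_cves.json", json_data)` resolves against the caller's working directory, as does the `../cvelist` glob in the first hunk, so the script only works when started from its own directory; `File.write(File.join(__dir__, "cna_count_for_all_cves.json"), json_data)` would pin the output next to the script.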