added submodule for cvelist project and a json of the count of cna per cve-id

2022-03-01 23:52:31 -06:00 · 2022-03-01 23:52:31 -06:00 · 8b79305e52
commit 8b79305e52
parent da2589fbcf
4 changed files with 784 additions and 1 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -0,0 +1,3 @@
+[submodule "tools/cvelist"]
+	path = tools/cvelist
+	url = https://github.com/CVEProject/cvelist
--- a/tools/cve_cna_security_advisories/cna_count_for_all_cves.json
+++ b/tools/cve_cna_security_advisories/cna_count_for_all_cves.json
@ -0,0 +1,774 @@
+[
+  {
+    "cna": "cve@mitre.org",
+    "count": 144427
+  },
+  {
+    "cna": "secalert@redhat.com",
+    "count": 9077
+  },
+  {
+    "cna": "secure@microsoft.com",
+    "count": 7405
+  },
+  {
+    "cna": "secalert_us@oracle.com",
+    "count": 7012
+  },
+  {
+    "cna": "psirt@cisco.com",
+    "count": 4889
+  },
+  {
+    "cna": "psirt@us.ibm.com",
+    "count": 4687
+  },
+  {
+    "cna": "product-security@apple.com",
+    "count": 4353
+  },
+  {
+    "cna": "psirt@adobe.com",
+    "count": 4105
+  },
+  {
+    "cna": "security@android.com",
+    "count": 3178
+  },
+  {
+    "cna": "cert@cert.org",
+    "count": 2831
+  },
+  {
+    "cna": "ics-cert@hq.dhs.gov",
+    "count": 2015
+  },
+  {
+    "cna": "vultures@jpcert.or.jp",
+    "count": 1920
+  },
+  {
+    "cna": "product-security@qualcomm.com",
+    "count": 1890
+  },
+  {
+    "cna": "security-advisories@github.com",
+    "count": 1819
+  },
+  {
+    "cna": "security@google.com",
+    "count": 1747
+  },
+  {
+    "cna": "security@mozilla.org",
+    "count": 1411
+  },
+  {
+    "cna": "talos-cna@cisco.com",
+    "count": 1243
+  },
+  {
+    "cna": "psirt@huawei.com",
+    "count": 1168
+  },
+  {
+    "cna": "zdi-disclosures@trendmicro.com",
+    "count": 1104
+  },
+  {
+    "cna": "support@hackerone.com",
+    "count": 1040
+  },
+  {
+    "cna": "contact@wpscan.com",
+    "count": 957
+  },
+  {
+    "cna": "secure@intel.com",
+    "count": 945
+  },
+  {
+    "cna": "security@apache.org",
+    "count": 843
+  },
+  {
+    "cna": "jenkinsci-cert@googlegroups.com",
+    "count": 742
+  },
+  {
+    "cna": "chrome-cve-admin@google.com",
+    "count": 729
+  },
+  {
+    "cna": "security-alert@hpe.com",
+    "count": 728
+  },
+  {
+    "cna": "hp-security-alert@hp.com",
+    "count": 721
+  },
+  {
+    "cna": "cna@sap.com",
+    "count": 700
+  },
+  {
+    "cna": "security_alert@emc.com",
+    "count": 668
+  },
+  {
+    "cna": "productcert@siemens.com",
+    "count": 662
+  },
+  {
+    "cna": "security@debian.org",
+    "count": 631
+  },
+  {
+    "cna": "PSIRT-CNA@flexerasoftware.com",
+    "count": 488
+  },
+  {
+    "cna": "report@snyk.io",
+    "count": 469
+  },
+  {
+    "cna": "f5sirt@f5.com",
+    "count": 467
+  },
+  {
+    "cna": "sirt@juniper.net",
+    "count": 461
+  },
+  {
+    "cna": "cybersecurity@schneider-electric.com",
+    "count": 453
+  },
+  {
+    "cna": "security@microfocus.com",
+    "count": 404
+  },
+  {
+    "cna": "security@huntr.dev",
+    "count": 379
+  },
+  {
+    "cna": "psirt@nvidia.com",
+    "count": 367
+  },
+  {
+    "cna": "vulnreport@tenable.com",
+    "count": 355
+  },
+  {
+    "cna": "secure@dell.com",
+    "count": 340
+  },
+  {
+    "cna": "security@atlassian.com",
+    "count": 326
+  },
+  {
+    "cna": "cve@gitlab.com",
+    "count": 316
+  },
+  {
+    "cna": "security@ubuntu.com",
+    "count": 294
+  },
+  {
+    "cna": "security@trendmicro.com",
+    "count": 293
+  },
+  {
+    "cna": "security@vmware.com",
+    "count": 285
+  },
+  {
+    "cna": "psirt@fortinet.com",
+    "count": 283
+  },
+  {
+    "cna": "secure@symantec.com",
+    "count": 271
+  },
+  {
+    "cna": "cve@cert.org.tw",
+    "count": 260
+  },
+  {
+    "cna": "psirt@mcafee.com",
+    "count": 245
+  },
+  {
+    "cna": "mobile.security@samsung.com",
+    "count": 242
+  },
+  {
+    "cna": "psirt@lenovo.com",
+    "count": 197
+  },
+  {
+    "cna": "security@wordfence.com",
+    "count": 178
+  },
+  {
+    "cna": "psirt@paloaltonetworks.com",
+    "count": 160
+  },
+  {
+    "cna": "security@synology.com",
+    "count": 158
+  },
+  {
+    "cna": "cve-assign@distributedweaknessfiling.org",
+    "count": 157
+  },
+  {
+    "cna": "security@qnap.com",
+    "count": 150
+  },
+  {
+    "cna": "vuln@krcert.or.kr",
+    "count": 135
+  },
+  {
+    "cna": "vulnerability@kaspersky.com",
+    "count": 126
+  },
+  {
+    "cna": "secteam@freebsd.org",
+    "count": 123
+  },
+  {
+    "cna": "security@tibco.com",
+    "count": 120
+  },
+  {
+    "cna": "cve@rapid7.com",
+    "count": 119
+  },
+  {
+    "cna": "cve-assign@fb.com",
+    "count": 116
+  },
+  {
+    "cna": "info@cert.vde.com",
+    "count": 115
+  },
+  {
+    "cna": "vulnerabilitylab@whitesourcesoftware.com",
+    "count": 114
+  },
+  {
+    "cna": "psirt@zte.com.cn",
+    "count": 94
+  },
+  {
+    "cna": "security@eclipse.org",
+    "count": 93
+  },
+  {
+    "cna": "security@elastic.co",
+    "count": 91
+  },
+  {
+    "cna": "security@suse.com",
+    "count": 87
+  },
+  {
+    "cna": "security-alert@netapp.com",
+    "count": 86
+  },
+  {
+    "cna": "cve@checkpoint.com",
+    "count": 71
+  },
+  {
+    "cna": "cybersecurity@ch.abb.com",
+    "count": 70
+  },
+  {
+    "cna": "PSIRT@sonicwall.com",
+    "count": 68
+  },
+  {
+    "cna": "sirt@brocade.com",
+    "count": 67
+  },
+  {
+    "cna": "psirt@amd.com",
+    "count": 66
+  },
+  {
+    "cna": "larry0@me.com",
+    "count": 66
+  },
+  {
+    "cna": "psirt@hcl.com",
+    "count": 63
+  },
+  {
+    "cna": "vuln@ca.com",
+    "count": 60
+  },
+  {
+    "cna": "security@pivotal.io",
+    "count": 58
+  },
+  {
+    "cna": "security-officer@isc.org",
+    "count": 54
+  },
+  {
+    "cna": "vulnerabilities@zephyrproject.org",
+    "count": 45
+  },
+  {
+    "cna": "security@puppet.com",
+    "count": 45
+  },
+  {
+    "cna": "psirt@bosch.com",
+    "count": 45
+  },
+  {
+    "cna": "cve-requests@bitdefender.com",
+    "count": 45
+  },
+  {
+    "cna": "audit@patchstack.com",
+    "count": 45
+  },
+  {
+    "cna": "security@drupal.org",
+    "count": 44
+  },
+  {
+    "cna": "psirt@autodesk.com",
+    "count": 44
+  },
+  {
+    "cna": "security@kubernetes.io",
+    "count": 41
+  },
+  {
+    "cna": "patrick@puiterwijk.org",
+    "count": 41
+  },
+  {
+    "cna": "security@php.net",
+    "count": 37
+  },
+  {
+    "cna": "cna@mongodb.com",
+    "count": 37
+  },
+  {
+    "cna": "security@mediatek.com",
+    "count": 35
+  },
+  {
+    "cna": "secure@blackberry.com",
+    "count": 35
+  },
+  {
+    "cna": "openssl-security@openssl.org",
+    "count": 35
+  },
+  {
+    "cna": "security@otrs.com",
+    "count": 34
+  },
+  {
+    "cna": "psirt@solarwinds.com",
+    "count": 34
+  },
+  {
+    "cna": "securityalerts@avaya.com",
+    "count": 32
+  },
+  {
+    "cna": "security@xen.org",
+    "count": 32
+  },
+  {
+    "cna": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp",
+    "count": 32
+  },
+  {
+    "cna": "security@joomla.org",
+    "count": 31
+  },
+  {
+    "cna": "cve@aliasrobotics.com",
+    "count": 29
+  },
+  {
+    "cna": "security@jfrog.com",
+    "count": 24
+  },
+  {
+    "cna": "productsecurity@jci.com",
+    "count": 24
+  },
+  {
+    "cna": "cve-coordination@incibe.es",
+    "count": 24
+  },
+  {
+    "cna": "security@zoom.us",
+    "count": 22
+  },
+  {
+    "cna": "psirt@esri.com",
+    "count": 22
+  },
+  {
+    "cna": "disclosures@gallagher.com",
+    "count": 22
+  },
+  {
+    "cna": "cve-notifications-us@f-secure.com",
+    "count": 22
+  },
+  {
+    "cna": "browser-security@yandex-team.ru",
+    "count": 21
+  },
+  {
+    "cna": "security@vaadin.com",
+    "count": 20
+  },
+  {
+    "cna": "security@teradici.com",
+    "count": 20
+  },
+  {
+    "cna": "security@xiaomi.com",
+    "count": 19
+  },
+  {
+    "cna": "vulnerability@ncsc.ch",
+    "count": 18
+  },
+  {
+    "cna": "cybersecurity@dahuatech.com",
+    "count": 18
+  },
+  {
+    "cna": "cve-request@iojs.org",
+    "count": 18
+  },
+  {
+    "cna": "security@odoo.com",
+    "count": 17
+  },
+  {
+    "cna": "security@documentfoundation.org",
+    "count": 17
+  },
+  {
+    "cna": "product-cna@github.com",
+    "count": 16
+  },
+  {
+    "cna": "VulnerabilityReporting@secomea.com",
+    "count": 16
+  },
+  {
+    "cna": "cna@cyber.gov.il",
+    "count": 15
+  },
+  {
+    "cna": "security@acronis.com",
+    "count": 14
+  },
+  {
+    "cna": "security@zyxel.com.tw",
+    "count": 13
+  },
+  {
+    "cna": "responsibledisclosure@mattermost.com",
+    "count": 13
+  },
+  {
+    "cna": "CybersecurityCOE@eaton.com",
+    "count": 13
+  },
+  {
+    "cna": "psirt@forcepoint.com",
+    "count": 12
+  },
+  {
+    "cna": "psirt@arista.com",
+    "count": 12
+  },
+  {
+    "cna": "vuln@vdoo.com",
+    "count": 11
+  },
+  {
+    "cna": "security@oppo.com",
+    "count": 11
+  },
+  {
+    "cna": "security-info@sgi.com",
+    "count": 11
+  },
+  {
+    "cna": "psirt-info@cyber.jp.nec.com",
+    "count": 11
+  },
+  {
+    "cna": "cve@navercorp.com",
+    "count": 11
+  },
+  {
+    "cna": "security@salesforce.com",
+    "count": 10
+  },
+  {
+    "cna": "security@openvpn.net",
+    "count": 10
+  },
+  {
+    "cna": "security@octopus.com",
+    "count": 10
+  },
+  {
+    "cna": "cybersecurity@hitachienergy.com",
+    "count": 10
+  },
+  {
+    "cna": "security@search-guard.com",
+    "count": 9
+  },
+  {
+    "cna": "security@craftersoftware.com",
+    "count": 9
+  },
+  {
+    "cna": "security-report@netflix.com",
+    "count": 9
+  },
+  {
+    "cna": "security-alert@sophos.com",
+    "count": 9
+  },
+  {
+    "cna": "cna@cloudflare.com",
+    "count": 9
+  },
+  {
+    "cna": "sirt@silver-peak.com",
+    "count": 8
+  },
+  {
+    "cna": "psirt@sick.de",
+    "count": 8
+  },
+  {
+    "cna": "help@fluidattacks.com",
+    "count": 8
+  },
+  {
+    "cna": "psirt@wdc.com",
+    "count": 7
+  },
+  {
+    "cna": "disclosure@synopsys.com",
+    "count": 7
+  },
+  {
+    "cna": "cve@usom.gov.tr",
+    "count": 7
+  },
+  {
+    "cna": "security@mautic.org",
+    "count": 6
+  },
+  {
+    "cna": "security@duo.com",
+    "count": 6
+  },
+  {
+    "cna": "security@360.cn",
+    "count": 6
+  },
+  {
+    "cna": "jordan@liggitt.net",
+    "count": 6
+  },
+  {
+    "cna": "infosec@edk2.groups.io",
+    "count": 6
+  },
+  {
+    "cna": "dl_cve@linecorp.com",
+    "count": 6
+  },
+  {
+    "cna": "disclose@cybersecurityworks.com",
+    "count": 6
+  },
+  {
+    "cna": "cert@airbus.com",
+    "count": 6
+  },
+  {
+    "cna": "sep@nlnetlabs.nl",
+    "count": 5
+  },
+  {
+    "cna": "responsible-disclosure@pingidentity.com",
+    "count": 5
+  },
+  {
+    "cna": "psirt@mirantis.com",
+    "count": 5
+  },
+  {
+    "cna": "product-security@axis.com",
+    "count": 5
+  },
+  {
+    "cna": "josh@bress.net",
+    "count": 5
+  },
+  {
+    "cna": "info@appcheck-ng.com",
+    "count": 5
+  },
+  {
+    "cna": "cve_disclosure@tech.gov.sg",
+    "count": 5
+  },
+  {
+    "cna": "security@zabbix.com",
+    "count": 4
+  },
+  {
+    "cna": "security@tcpdump.org",
+    "count": 4
+  },
+  {
+    "cna": "security@opera.com",
+    "count": 4
+  },
+  {
+    "cna": "security@fidelissecurity.com",
+    "count": 4
+  },
+  {
+    "cna": "psirt@thalesgroup.com",
+    "count": 4
+  },
+  {
+    "cna": "cve@zscaler.com",
+    "count": 4
+  },
+  {
+    "cna": "security@vivo.com",
+    "count": 3
+  },
+  {
+    "cna": "security@pega.com",
+    "count": 3
+  },
+  {
+    "cna": "security@m-files.com",
+    "count": 3
+  },
+  {
+    "cna": "security@eset.com",
+    "count": 3
+  },
+  {
+    "cna": "securities@openeuler.org",
+    "count": 3
+  },
+  {
+    "cna": "prodsec@nozominetworks.com",
+    "count": 3
+  },
+  {
+    "cna": "hsrc@hikvision.com",
+    "count": 3
+  },
+  {
+    "cna": "cybersecurity@hitachi-powergrids.com",
+    "count": 3
+  },
+  {
+    "cna": "cve@forums.swift.org",
+    "count": 3
+  },
+  {
+    "cna": "security@snowsoftware.com",
+    "count": 2
+  },
+  {
+    "cna": "security@netgear.com",
+    "count": 2
+  },
+  {
+    "cna": "product.security@lge.com",
+    "count": 2
+  },
+  {
+    "cna": "iletisim@usom.gov.tr",
+    "count": 2
+  },
+  {
+    "cna": "cybersecurity@bd.com",
+    "count": 2
+  },
+  {
+    "cna": "SecurityResponse@netmotionsoftware.com",
+    "count": 2
+  },
+  {
+    "cna": "vulnerability@cspcert.ph",
+    "count": 1
+  },
+  {
+    "cna": "vdisclose@cert-in.org.in",
+    "count": 1
+  },
+  {
+    "cna": "security@replicated.com",
+    "count": 1
+  },
+  {
+    "cna": "security@devolutions.net",
+    "count": 1
+  },
+  {
+    "cna": "security@deepsurface.com",
+    "count": 1
+  },
+  {
+    "cna": "secure@ea.com",
+    "count": 1
+  },
+  {
+    "cna": "psirt@tigera.io",
+    "count": 1
+  },
+  {
+    "cna": "psirt@okta.com",
+    "count": 1
+  },
+  {
+    "cna": "psirt@forgerock.com",
+    "count": 1
+  },
+  {
+    "cna": "csirt@divd.nl",
+    "count": 1
+  },
+  {
+    "cna": "Alibaba-CNA@list.alibaba-inc.com",
+    "count": 1
+  }
+]
--- a/tools/cve_cna_security_advisories/cna_count_per_cve.rb
+++ b/tools/cve_cna_security_advisories/cna_count_per_cve.rb
@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
 # this will loop through each year and for each CVE-ID and count the assigners
 require 'json'
+require 'pry'

 files = Dir['../cvelist/*/*/*.json']
 results = files.map do |fp|
@ -14,4 +15,8 @@ end
 sorted_and_grouped_cnas = results.map { |cve_id, cna_email| cna_email}.sort.group_by(&:itself) 
 cna_count_per_cves = sorted_and_grouped_cnas.map {|k,v| [k, v.count]}.sort_by{|a,b|b}.reverse

-cna_count_per_cves.map {|cna, count| puts "CNA: #{cna}, COUNT: #{count}"}
+result_count = cna_count_per_cves.map {|cna, count| {:cna => cna, :count => count}}
+binding.pry
+json_data = JSON.pretty_generate(result_count)
+
+File.write("./cna_count_for_all_cves.json", json_data)
--- a/tools/cvelist
+++ b/tools/cvelist
@ -0,0 +1 @@
+Subproject commit 7da9cefaa2dd26dd0412210a31f2d04647e3af82
				`@ -0,0 +1 @@`
				`Subproject commit 7da9cefaa2dd26dd0412210a31f2d04647e3af82`