2026-02-04 (Wednesday) Journal
Day summary: Today’s RSS activity: 3 item(s) from discourse.ossbase.org including “GCVE will be at hackathon.lu - April 14th and 15th, 2026”; “KEV (Known Exploited Vulnerabilities) - Potential Format (BCP-07)”.
Hourly activity:
hour 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23
pulse . . . . . . . . . . . . . . . . . . . . @ + . .
count 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 01 00 00
GCVE will be at hackathon.lu - April 14th and 15th, 2026
- Source:
discourse.ossbase.org - Time:
21:50:56 - Summary: This 2-day, in-person hackathon, held in Luxembourg on April 14–15, 2026 (09:00–17:00), combines a hands-on open-source hackathon with an integrated public conference morning on April 14 (09:00–12:00). The event focuses on the development of free and open-source software for cybersecurity and related domains. GCVE.eu will be there, so if you want to work on all the cool stuff around vulnerability…
KEV (Known Exploited Vulnerabilities) - Potential Format (BCP-07)
- Source:
discourse.ossbase.org - Time:
20:16:37 - Summary:
adulau: The severityfield reflects the severity inferred from the exploitation assertion itself, not an abstract or vendor-defined vulnerability score. For example, a honeypot observation resulting in full system compromise would justify a high severity value. This distinction may benefit from clearer wording in the BCP document. I updated the BCP-07 draft based on the question and feedback provided.…
KEV (Known Exploited Vulnerabilities) - Potential Format (BCP-07)
- Source:
discourse.ossbase.org - Time:
20:06:09 - Summary: Thanks a lot for taking the time to read the BCP and provide feedback. - Yes, the summary is correct. KEV is a standalone record type. - Yes, and additionally, there are cases where an identifier has already been assigned but is not yet publicly disclosed (e.g., embargoed vulnerabilities). -
vulnerability.vulnIdrepresents the primary identifier, whilevulnerability.altIdcontains synonymous identifiers…
KEV (Known Exploited Vulnerabilities) - Potential Format (BCP-07)
- Source:
discourse.ossbase.org - Time:
05:43:49 - Summary: Thanks for the question as this will most probably update the BCP-07 with the actual background of the format. KEV and CVE (or GCVE) represent different layers in the model, and that distinction is intentional. A vulnerability identifier (CVE/GCVE) is primarily about establishing the identity of a vulnerability something that the ecosystem can refer to consistently over time. KEV, on…