2026-02-15 (Sunday) Journal
Day summary: Today’s RSS activity: 4 item(s) from discourse.ossbase.org including “KEV (Known Exploited Vulnerabilities) - Potential Format (BCP-07)”; “CRA and GCVE overview”; “GCVE BCP-06 drafting - Requirements and Evaluation Criteria for GCVE Numbering Authorities”.
Hourly activity:
hour 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23
pulse . . . . . . . . . . . . . + @ . + . . . . . . .
count 00 00 00 00 00 00 00 00 00 00 00 00 00 01 02 00 01 00 00 00 00 00 00 00
KEV (Known Exploited Vulnerabilities) - Potential Format (BCP-07)
- Source:
discourse.ossbase.org - Time:
16:07:44 - Summary: It’s a pretty good document for the procurement aspect which is often neglected. I’m curious if we could generate a machine parseable output of all the controls points. Do you know the license of the document? and if we can freely reuse/redistribute the content? It’s clearly outside the KEV BCP-07 but it could be useful as reference point for the…
KEV (Known Exploited Vulnerabilities) - Potential Format (BCP-07)
- Source:
discourse.ossbase.org - Time:
14:41:06 - Summary: Indeed. At least for the contractual requirement, the KEV format (BCP-07) can be used to inform customers (even if the KEV is not disclosed outside the customer-vendor relationship). I suppose some extension in the KEV assertion can be indeed added. By the way, I did a quick mapping of CRA obligations and how GCVE can support it at the following…
Many people are concerned about the CRA requirements, especially how they map to real-world coordinated vulnerability disclosure (CVD) processes. I tried to map the standard to the functionality we have in GCVE.eu to see how it could be integrated into a standard CRA process and support compliance.🔗 https://discourse.ossbase.org/t/cra-and-gcve-overview/1017#cra #vulnerability #vulnerabilitymanagement #cybersecurity #gcve @gcve
- Source:
infosec.exchange - Time:
14:34:21 - Summary: CRA - GCVE overview
CRA and GCVE overview
- Source:
discourse.ossbase.org - Time:
14:07:42 - Summary: https://discourse.ossbase.org#p-1321-vendor-as-a-gcve-gna-and-decentralized-vulnerability-publication-workflow-1Vendor as a GCVE GNA and decentralized vulnerability publication workflow https://discourse.ossbase.org#p-1321-what-it-means-for-a-vendor-to-become-a-gna-in-the-gcve-model-2What it means for a vendor to become a GNA in the GCVE model Across GCVE BCPs, a GNA is treated as a publisher of vulnerability information and related metadata with decentralized operational control: - The directory is a trust anchor: “**The directory file contains authoritative metadata about GCVE Numbering…
GCVE BCP-06 drafting - Requirements and Evaluation Criteria for GCVE Numbering Authorities
- Source:
discourse.ossbase.org - Time:
13:25:20 - Summary: New version has been published including requirements from an organisation willing to be a GNA without publishing the vulnerability outside their circles. A new publishing model has been added to cover that use-case.
gcve.eu GCVE-BCP-06 - Requirements and Evaluation Criteria for GCVE Numbering… GCVE-BCP-06 - Requirements and Evaluation Criteria for GCVE Numbering Authorities (GNAs) Version: 1.0 Status: Draft (for…