ruby-doc.org does not link to ruby-advisory-db #33
Comments
They're not using our data rubysec/rubysec.github.io#1 :)
I will send an email asking whether they've looked at ruby-advisory-db or if they need additional data (maybe a
Got this feedback:
How about a simple static site generator that parses the YAML versions and spits out an HTML version, which could be hosted on Github Pages?
Here's a crazy idea: Parse YAML -> Produce Markdown -> Run through Octopress -> Static site complete with RSS feed
I also thought about setting up a simple blog to announce advisories with an atom feed.
Thanks to @tarcieri there is now an Atom feed of the database. Perhaps we could make another Atom feed containing YAML or JSON data, and see if James Britt prefers that over scraping NVDB?
Once the site is updating via CI (coming soon!), should poke the ruby-doc.org folk again, as MITRE has been super slow to assign CVEs, which means NVD doesn't get those updates. However, we need to be diligent about getting stuff added to ruby-security-db as quickly as possible when stuff is announced.
Though, I suspect we'll need to handle vulns in ruby engines and rubygems as well first.
If you visit:
http://www.ruby-doc.org/
You will see:
"There was 1 Ruby vulnerability reports in the last 14 days. 1 undetermined. Most recent: CVE-2013-1656. See details."
You are presented with a friendly reminder of recent Ruby security vulnerabilities! Seems good!
PROBLEM: this goes to http://web.nvd.nist.gov/
Shouldn't this go to ruby-advisory-db in some form or another?