These contain valuable data nuggets among an ocean of junk and we need to be able to find the good things there.
Some sources are:
- mailing lists such as:
- changelogs (see "Parse CHANGELOGs to discover new Vulnerabilities", #233)
- reflogs of commits (see also the commits from vulncodedb and SAP/Eclipse steady KB)
- bug and issue trackers (such as Django, etc.)
- the actual description of a CVE or the text body of advisories (see "Extract interesting data from CVE and other vulnerabilities body", #551)
We can either automate it all, but that's going to be super difficult, or rather start to craft a curation queue and parse as much as we can to make it easy to curate by humans
... and progressively also improve some mini AI and classification to help further automate the work.