VINCE Storage of Vendor products and their affected versions #70
Assignees
Labels
enhancement
New feature or request
Comments
z-priest
added a commit
to z-priest/VINCE
that referenced
this issue
Jan 24, 2023
Closed
z-priest
added a commit
to z-priest/VINCE
that referenced
this issue
Feb 14, 2023
z-priest
added a commit
to z-priest/VINCE
that referenced
this issue
Feb 14, 2023
z-priest
added a commit
to z-priest/VINCE
that referenced
this issue
Apr 12, 2023
z-priest
added a commit
to z-priest/VINCE
that referenced
this issue
Apr 12, 2023
z-priest
added a commit
to z-priest/VINCE
that referenced
this issue
Apr 12, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We would like to add more functionality to product information in Vince.
A discussion in the past involved modifying an existing database table 'cve_affected_products' that wasn’t utilized as much as we assumed it could be, creating an additional table, or using JSON or some sort of file storage to achieve this goal.
Guidance on what method is preferred over the another is appreciated. We have been investigating and have spent time creating an entirely new table to get this to work properly.
Ideal scenario: when adding a list of products to a vulnerability to be able to select a vendor/org and have a drop down show up with relevant products that exist in a ‘product database’ tied to that vendor, with an option to add a product name if it does not exist. After a vendor/product are selected then we add in a version string.
Being able to recall this information into different files/views/dashboards will go a long way and is at the top of our priority list.
I do see in #24 reference to ‘we do not collect product names and version in a compatible format from each vendor’ – is there a reason for this, or a reason that a coordinator wouldn't be able to update a vendors ‘product_list’?
The text was updated successfully, but these errors were encountered: