Kurt,
On Thu, 20 Apr 2017, Kurt Seifried wrote:
: Progress in our time
:
:
https://github.com/distributedweaknessfiling/DWF-CVE-2017-1000000/commit/7e1ff65791a766fb74d440ab3110ab1331032e50As an early advocate of, and now an apparent critic of... =)
Why did DWF break from the prior format?
https://github.com/distributedweaknessfiling/DWF-Database/We had per-year CSVs with the assignment info. From there we could look at
the artifacts in a separate repo using the same ID.
Now you are using a new repo and format:
https://github.com/distributedweaknessfiling/DWF-CVE-2017-1000000Not only do we lose the CSV, we move entirely to JSON format. While that
is of obvious interest to some stakeholders, and has been discussed on
list recently, that isn't necessarily immediately usable to everyone.
Further, the new format means there is no central file or 'registry' to
reference these. Consider what the URL above gives us:
CVE-2017-1000001.json CVE-2017-1000001 3 months ago
CVE-2017-1000357.json ODL CVE's 7 hours ago
CVE-2017-1000358.json ODL CVE's 7 hours ago
CVE-2017-1000359.json ODL CVE's 7 hours ago
CVE-2017-1000360.json ODL CVE's 7 hours ago
CVE-2017-1000361.json ODL CVE's 7 hours ago
So we have to click each link, digest the JSON, and figure out the
assignment? Compare to the previous system where a single CSV gave us a
reference point, vendor, product, dates, type of vuln, and who
discovered... this seems to be a step back in many ways.
After several months of no new DWF assignments, while having a DWF-minted
CNA in the form of an individual, that I have brought up on list because
the Twitters brought it up and caught my attention... One has to wonder if
DWF is losing focus from the original goal.
.b
Locked
