[Buildroot] RFC: CVE analysis

Matthew Weber matthew.weber at rockwellcollins.com
Mon Sep 22 20:21:31 UTC 2014


I was curious if anyone has done a script similar to the "make legal-info"
that takes a package list and checks it against a CVE database?  We're
looking at doing some automated tracking of vulnerabilities with our
nightly builds and were at a point of putting something together.

It might also be an interesting feature to expose on the Buildroot
website... maybe listing the current vulnerabilities of the last release
and the current tip?

-- 
Matthew L Weber / Pr Software Engineer
Airborne Information Systems / Security Systems and Software
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA
www.rockwellcollins.com

Note: Any Export License Required Information and License Restricted Third
Party Intellectual Property (TPIP) content must be encrypted and sent to
matthew.weber at corp.rockwellcollins.com.