Hi, I like the VEX proposal from Sanjay.

- It is a standard that can be supported by many tools and requested by customers. One use case I see is where a vendor sells a product with an SBOM. The customer can then match the open vulnerabilities to the current state of the NIST database using a standard tool based on the SBOM. Aligning the categories to a standard would be helpful for this. (Yocto's CVE check is great for Yocto, but cannot be used independently of Yocto.)
- A minimum number of categories is defined. All details can be added to the REASON variable.

Regards,
Adrian
View/Reply Online (#182340): https://lists.openembedded.org/g/openembedded-core/message/182340