CVE Reporting
Posted: Wed Nov 24, 2021 5:15 am
In addition to my recent post around signing of executables and installers to allow installation and use in business with security and compliance requirements, is there any procedure, list or reporting database for reporting of CVE (Common Vulnerabilities and Exploits)? Reporting of possible security issues to a public forum, list or official CVE database is also a requirement in secure business environments, especially in the case of any Open Source software. We are trying to get adoption of the CloudCompare software within our business, so I am trying to get more information around the reporting of CVEs that may be uncovered so we can move forward with this process if possible.
I have already run some SSAT (Static Application Security Tests) software over the code base I have pulled from the repository and, aside from some basic possible buffer overruns, turned up nothing significant, so I am keen to move forward with our vetting, which (hopefully) will progress far enough to get CloudCompare approved for us, which in turn could then be used against certifying and compliance for use in other sectors / companies.