FederatedCode Next
UI and curation queue for VulnerableCode data enrichment
VulnerableCode is an open-source database that aggregates data concerning CVEs and enriches it with metadata to make it easier to track CVEs across packages and dependencies. VulnerableCode was designed from its inception to correlate and aggregate multiple data sources and not have a single point of failure. The FederatedCode Next project aims to create a UI and curation queue for VulnerableCode in order to take the next step towards an open, peer-to-peer federated database of code vulnerabilities.
This makes it possible to ensure cybersecurity professionals have the essential information they need to do their work when new vulnerabilities are unveiled - such as PURL and VERS version ranges for impacted and fixed package versions, Common Weakness Enumeration details to qualify the weakness exposed by a CVE, severity scoring, mitigation possibilities besides updating and patching, the actual commits/patches that introduce/fix a vulnerability for reachability analysis, related PoC for exploits, etcetera.
- The project's own website: https://aboutcode.org
Run by AboutCode Europe ASBL
This project was funded through the NGI0 Commons Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101135429. Additional funding is made available by the Swiss State Secretariat for Education, Research and Innovation (SERI).