"Google Announces Unified Schema to Make Sharing Vulnerabilities Easier"
Google has announced a unified schema for describing vulnerabilities. The goal of the unified schema is to make it easier to share data on vulnerabilities between databases. An issue with existing vulnerability databases is that each ecosystem or organization uses its own format to describe vulnerabilities, thus requiring those tracking vulnerabilities across multiple databases to handle each separately. The lack of a common standard for data creation makes sharing vulnerabilities difficult.

The new unified schema, designed by the Google Open Source Security Team, Go Team, and the broader open source community, will allow vulnerability databases, open source users, and security researchers to consume vulnerabilities across all of open source easily. This will provide a more complete view of vulnerabilities in open source for all users, potentially leading to faster detection and remediation times.

The schema follows in the footsteps of Google's Open Source Vulnerabilities (OSV) database, which was launched in February to improve vulnerability triage for developers and consumers of open source software. The OSV database was launched with a dataset containing a few thousand vulnerabilities from the OSS-Fuzz project. In addition to the unified schema for describing vulnerabilities, Google announced the expansion of the OSV database to several key open source ecosystems, including Go, Rust, Python, and DWF. This article continues to discuss the new unified vulnerability schema for open source.
SiliconANGLE reports "Google Announces Unified Schema to Make Sharing Vulnerabilities Easier"