"""
Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources (NIST, GitHub, CSAF, PySec, VARIoT, etc.), independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD).
"""
I used Circos quite a lot back in time. It's written in Perl.
I was working on a Python visualization tool for analyzing the relationships between different IPs, from network traffic capture:
It's (Font Awesome) fa-paper-plane, and not fa-telegram.
No, but seriously, I admit it's not a good choice. We will change it to something else. I personally never used Telegram; I do not even know what their website looks like.
> The GNU Affero General Public License is a modified version of the ordinary GNU GPL version 3. It has one added requirement: if you run a modified program on a server and let other users communicate with it there, your server must also allow them to download the source code corresponding to the modified version running there.
> The purpose of the GNU Affero GPL is to prevent a problem that affects developers of free programs that are often used on servers.
" ...the only entities capable of safely using the AGPL are companies using it to dump source ... "
I stopped reading here. But this will definitely make my day. I won't even start to list examples of companies (private sector, public sector, research, etc.) that are not in this "only entities".
Can you explain why it's not safe to use for most orgs? The other comment mentions the diff between it and v3 is providing source, but isn't providing the revised source pretty easy?
> Can you explain why it's not safe to use for most orgs?
FUD is why. GPL and AGPL basically both state that you have to provide the source code to people who come in possession of a copy, with AGPL stating that you also have to provide source code to users interacting with a copy of this software remotely.
Some people got it in their head that this means you have to provide the source code to everything and the kitchen sink running remotely near the computer running a single line of AGPL licensed code.
> The other comment mentions the diff between it and v3 is providing source
The diff is having to provide source for interacting with a remote copy vs having to provide source for local copies only.
There are many situations in which complying with clauses like this is almost impossible.
> 13. Remote Network Interaction; Use with the GNU General Public License.
> Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software. This Corresponding Source shall include the Corresponding Source for any work covered by version 3 of the GNU General Public License that is incorporated pursuant to the following paragraph.
There are many pieces of software that users interact with, but which are unable to prominently display anything at all. The AGPL license essentially forbids such uses of software.
For example an analytics tool like Piwik couldn't really work with AGPL, as it inherently can't prominently offer anything to users.
Unless we're going to interpret "prominent" as "whatever is convenient", this clause restricts AGPL to software which is capable of prominently displaying messages to the user.
It's the most recent, really in development. It's about scanning IP ranges, looking for vulnerabilities (in MS Exchange Servers and various things) and sending notifications.
Some parts are already used for operational stuff (NMAP Script Engines for example).
"MONARC is an iterative and qualitative method of risk analysis in four stages, broadly inspired by ISO/IEC 27005." ;-)
And maybe this project:
https://github.com/NC3-LU/MOSP
As you can see it's a collaborative platform to share security related JSON objects. The nice thing is the object editing user interface automatically generated thanks to the JSON schemas.
The project provides an API and is connected to every MONARC instance.
scandale-project is also meant to monitor constituencies' actions after being notified about security issues. The idea is to timestamp scan results with a Time Stamp Authority to have a clear and indisputable incident timeline following a notification. The aim is to nudge constituencies to take action and also give them leverage on non-cooperating suppliers. No infrastructure change or patch after repeated notifications is not a good trajectory to be on--hence the name, scandale :)
Like yourself I was both a consumer and producer on Freshmeat.
I recall when it closed, I think RMS or ESR (kinda fuzzy now) asked for people to help build a replacement.
Personally, it is a real loss, not in a nostalgia sort of way, but in a discovery way. Search engines, searching GitHub, heck just GitHub, are no substitute for the cool software we found on Freshmeat. It was a way for projects to not only become visible, but for you to stumble upon them (as other comments have already noted). With some frequency, I wonder why no one has come up with a replacement. SourceForge has had its ups and downs, but the front page of SourceForge compared to Freshmeat.net is like comparing a modern news conglomerate to Hacker News.
""" Vulnerability Lookup facilitates quick correlation of vulnerabilities from various sources (NIST, GitHub, CSAF, PySec, VARIoT, etc.), independent of vulnerability IDs, and streamlines the management of Coordinated Vulnerability Disclosure (CVD). """
https://github.com/cve-search/vulnerability-lookup