Opengrep reposted this
Is this the time for an openMITRE? The CWE and CVE databases are cornerstones of the AppSec world. It's what allows companies like ours, practitioners and researchers to have a common way of dealing with threats. With the unconfirmed news that support for MITRE might be ending, we as a security community need to come together on this. Who's in?
This is such a crucial time to redefine the future of how threats are communicated to everyone else, exciting honestly! Interested to hear your thoughts on the situation!
👀 👀 👀
Ahmad I'm with you.
No CVE/CWE updates? My threat model might just throw a digital tantrum. An open community effort definitely sounds like the patch we need. Who's bringing the coffee for the inevitable all nighter planning session?
I might have a few building blocks already in the works if this gets traction.
Great. Join the work in the OpenSSF vulnerability disclosures working group. I'm working on a document with some ideas on a global multi-stakeholder database - DM me if you want to join. It's time to step up as a community, as you say.
I’d like to contribute if this gets off the ground
Ahmad, would love to hear more on this!
I Write SIEMs, Not Tragedies - The Grey Wizard of Cybersecurity 🧙🏻♂️
4dWilling to add value where I can!