Introduce support for EPSS (GSOC 2023) #2619

Closed
anthonyharrison opened this issue Jan 31, 2023 · 5 comments
Labels
gsoc Tasks related to our participation in Google Summer of Code


anthonyharrison commented Jan 31, 2023

POTENTIAL GSOC2023 Idea (#2230)

To complement the CVSS score, FIRST have released the Exploit Prediction Scoring System (EPSS). There is an API which can be used to download the data in JSON format and also a daily download of the data in CSV format.

Would be useful to add this data and report this as part of the vulnerability information with the CVSS score.

Will need to ensure appropriate attribution is made.

Suggested implementation:

  • Update database schema to include EPSS data for each CVE
  • Add EPSS as a new data source. Ensure it only downloads no more than once every 24 hours.
  • Update database query for each CVE to retrieve EPSS data
  • Update output reports to include EPSS data
  • Add extra CLI commands to complement CVSS commands to filter on EPSS scores (default is all values)
  • Update documentation, tests etc

There is the potential to link this with the exploit data which is currently downloaded (Note - need to add attribution to this - It is called KEV (Known Exploited Vulnerabilities))

@terriko terriko added the gsoc Tasks related to our participation in Google Summer of Code label Jan 31, 2023
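
The suggested implementation steps above, as an added example (not part of the original issue and not the project's own code): EPSS rows are validated as untrusted feed data, stored per CVE, refreshed at most once every 24 hours, and filtered by score with "all values" as the default. The table names, function names and the CSV layout (a `#` comment line followed by a `cve,epss,percentile` header) are assumptions, and the sample rows are constructed.

```python
import csv, re, sqlite3
from datetime import datetime, timedelta

# Constructed sample in the assumed daily-CSV layout: comment line, header, rows.
SAMPLE_CSV = """#model_version:vX,score_date:2099-01-01T00:00:00+0000
cve,epss,percentile
CVE-2099-0001,0.90000,0.99000
CVE-2099-0002,0.00050,0.12000
CVE-2099-0003,0.45000,0.97000
CVE-2099-0004,1.70000,0.50000
"""
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
MAX_AGE = timedelta(hours=24)

def init_db(conn):
    # Hypothetical schema: one EPSS row per CVE plus a per-source fetch timestamp.
    conn.executescript(
        "CREATE TABLE IF NOT EXISTS epss(cve TEXT PRIMARY KEY, score REAL, percentile REAL);"
        "CREATE TABLE IF NOT EXISTS source_state(name TEXT PRIMARY KEY, fetched_at TEXT);")

def needs_refresh(conn, now):
    # True when EPSS was never fetched or the last fetch is at least 24 hours old.
    row = conn.execute("SELECT fetched_at FROM source_state WHERE name='epss'").fetchone()
    return row is None or now - datetime.fromisoformat(row[0]) >= MAX_AGE

def load_epss(conn, csv_text, now):
    """Validate and upsert feed rows; malformed rows are skipped, never stored."""
    lines = [ln for ln in csv_text.splitlines() if ln and not ln.startswith("#")]
    loaded = 0
    for row in csv.DictReader(lines):
        try:
            score, pct = float(row["epss"]), float(row["percentile"])
        except (KeyError, TypeError, ValueError):
            continue
        # Reject bad CVE ids and out-of-range (or NaN) probabilities.
        if not CVE_RE.fullmatch(row.get("cve") or "") or not (0 <= score <= 1 and 0 <= pct <= 1):
            continue
        conn.execute("INSERT OR REPLACE INTO epss VALUES (?, ?, ?)", (row["cve"], score, pct))
        loaded += 1
    conn.execute("INSERT OR REPLACE INTO source_state VALUES ('epss', ?)", (now.isoformat(),))
    conn.commit()
    return loaded

def filter_by_epss(conn, cves, min_score=0.0):
    # Default threshold keeps every CVE, including those with no EPSS score yet.
    out = []
    for cve in cves:
        row = conn.execute("SELECT score, percentile FROM epss WHERE cve=?", (cve,)).fetchone()
        score, pct = row if row else (None, None)
        if min_score <= 0 or (score is not None and score >= min_score):
            out.append((cve, score, pct))
    return out
```
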

galoget commented Feb 22, 2023

Hi @anthonyharrison and @terriko

I am interested in working on this as part of GSOC 2023. 😊

Please, let me know the following steps. Thank You!


terriko commented Feb 22, 2023

@galoget Check out our "GSoC 2023 start here" guide -- the next steps are all in there!


galoget commented Feb 23, 2023

Thanks @terriko. Already checked that. Now I am doing some brainstorming to prepare my project proposal based on ideas described here to add support to EPSS.


terriko commented Mar 1, 2023

Making it clear for others since we've talked about claiming issues a bit lately:

GSoC issues can't be "claimed" the way regular issues can. What happens here is that multiple people can submit applications to work on this idea through Google Summer of Code (the contributor applications aren't open yet, but it'll go through the https://summerofcode.withgoogle.com system). After the system closes, we review the applications in the system and select applicants through there. It's more like a job opening or a contest than our regular issues, so don't be intimidated if someone else comments first or seems to be working on it -- we expect to get multiple applications for each idea, and we'll rank them and choose the top applicants from the pool after the application period closes. I think I currently have more ideas listed than we have mentors for, so it's likely we won't "hire" for every idea this year.


terriko commented Nov 29, 2023

This was completed in summer 2023 and can now be closed.

@terriko terriko closed this as completed Nov 29, 2023