-
Notifications
You must be signed in to change notification settings - Fork 457
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce support for EPSS (GSOC 2023) #2619
Comments
Hi @anthonyharrison and @terriko I am interested in working on this as part of GSOC 2023. 😊 Please, let me know the following steps. Thank You! |
@galoget Check out our "GSoC 2023 start here" guide -- the next steps are all in there! |
Thanks @terriko. Already checked that. Now I am doing some brainstorming to prepare my project proposal based on ideas described here to add support to EPSS. |
Making it clear for others since we've talked about claiming issues a bit lately: GSoC issues can't be "claimed" the way regular issues can. What happens here is that multiple people can submit applications to work on this idea through google summer of code (the contributor applications aren't open yet, but it'll go through the https://summerofcode.withgoogle.com system). After the system closes, we review the applications in the system and select applicants through there. It's more like a job opening or a contest than our regular issues, so don't be intimidated if someone else comments first or seems to be working on it -- we expect to get multiple applications for each idea, and we'll rank them and choose the top applicants from the pool after the application period closes. I think I currently have more ideas listed than we have mentors for, so it's likely we won't "hire" for every idea this year. |
This was completed in summer 2023 and can now be closed. |
POTENTIAL GSOC2023 Idea (#2230)
To compliment the CVSS score, FIRST have released the Exploit Prediction Scoring System (EPSS). There is an API which can be used to download the data in JSON format and also a daily download of the data in CSV format.
Would be useful to add this data and report this as part of the vulnerability information with the CVSS score.
Will need to ensure appropriate attribution is made.
Suggested implementation:
There is the potential to link this with the exploit data which is currently downloaded (Note - need to add attribution to this - It is called KEV (Known Exploited Vulnerabilities)
The text was updated successfully, but these errors were encountered: