Question
Marco Pignati
Hello, in other programming languages there are ways to track vulnerabilities of the packages that are used in one's source code. This is done via CVE lists.
Also in the case of LabVIEW, for example, cybersecurity vulnerabilities are published in such CVE lists, so that users can get notified and decide to patch it or not.
What we miss, in my opinion, is a similar tool for all the packages we install via VIPM. If those packages, as of today, are affected by vulnerabilities, there is no way to know (to my knowledge).
It would be useful if, for the packages accessible via VIPM, such a CVE list is generated and maintained. Any user would then track the packages he has installed and patch them as soon as a fix is released.
0 answers to this question