In the pod Linux Matters ep 30, Alan Pope told that NIST has stopped/paused to add "metadata" to eg CVE vulnerability reports in their NVD data base. In the unclear situation, Anchore weher Alan works, has initiated something open source and asks other to join to fill the gap.
All is outside of my competence area but appears to be interesting/critical/concern.
Ref Anchor blog post and pod:
https://linuxmatters.sh/30/
https://anchore.com/blog/national-vulnerability-database-opaque-changes-and-unanswered-questions/
#security #vulnerability #NIST #Anchore #CVE #nvd
@hehemrin Tack för tips!