bane 6 days ago

Hear me out, I wonder if the need for a decentralized database of data like this might be an actual good use for blockchains?

Requires consensus

Immutable

Distributed

A user who needs the CVE database thus just needs to grab a copy of the ledger off of BitTorrent or wherever and parse it for all data or updates, etc. It's not like CVEs get lots of updates, and you need to keep track of all of them forever anyways. Updates could be handled by just adding another entry to the chain, and bad actors couldn't really tamper with it.

sph 6 days ago | parent [-]

It does not require consensus. It does not need to be immutable. It’s simply advisory data. There is no gain if one owner decides to censor or tamper with their stored CVE data, apart from annoyance for its users.

You’ll be quite fine with a centralised database and mirrors. We have been fine with that until now.

All that we need is data to be freely available, shared and possibly that other institutions offer to catalogue software vulnerabilities to have some kind of redundancy and duplication.

bane 6 days ago | parent [-]

Almost none of what you've said is correct regarding the use and purpose of the CVE database.