Jean-Baptiste Maillet

Hardcore embedded C/C++ caveman.
Supply chain cybersecurity, SBOM, vulnerability management.
#embedded #linux #oss #psirt
he/him

cpe-guesser 2.0 released - Multi-Source CPE Imports, Better Ranking, and Greater Autonomy Beyond NVD

Version 2.0 brings major improvements to CPE import, ranking, and CVE v5 data handling. This release focuses on better import performance, broader format support, improved search relevance, and more robust indexing for vendor and product matching.

A notable change in this release is that cpe-guesser is no longer limited to NVD as its only practical CPE source. In addition to the NVD feeds, it can also leverage the Vulnerability-Lookup dump available at https://vulnerability.circl.lu/dumps/, providing additional CPE sources and more autonomy from the previously NVD-only source model.

This release lays an important foundation for improving the GCVE ecosystem, especially by strengthening vendor and product references through better CPE source diversity, indexing, and matching capabilities. If you have ideas for further improvements, additional data sources, or better ways to refine vendor and product identification, we would be very happy to hear your feedback.

https://www.vulnerability-lookup.org/2026/03/22/cpe-guesser-2.0-released/

https://github.com/vulnerability-lookup/cpe-guesser

@circl
@gcve

#gcve #cve #opensource #cpe #vulnerability #vulnerabilitymanagement


1) A robot may not injure a human being or, through inaction, allow a human being to come to harm ... unless it makes a lot of money

2) A robot must obey the orders given it by human beings except where such orders would conflict with the First Law ... unless it makes a lot of money

3) A robot must protect its own existence as long as such protection does not conflict with the First or Second Law ... unless it makes a lot of money

"I'm concerned about LLM code in #curl and would like to suggest a code ban"

https://github.com/curl/curl/discussions/20972

open-slopware

Free/Open Source Software tainted by LLM developers/developed by genAI boosters, along with alternatives. Fork of the repo by @gen-ai-transparency after its deletion.


RE: https://mastodon.social/@andrewnez/116233207828494924

Repeat after me, silently, in the voice of your internal monologue:
I accept the packages I cannot update.

"Do you see what I have to put up with?"
https://www.youtube.com/watch?v=bQDeNFv0geg

At the @cert_eu conference in 2025, @cryptosec gave an insightful presentation filled with many humorous references.

One particularly interesting slide addressed bureaucracy in information security, why it exists and what it really represents.

Those four points alone could be the start of a book.

https://cryptosec.org/docs/CERT-EU-2025/IR-CERT-EU-2025-v3-CLEAR.pdf

#risk #cybersecurity #bureaucracy

@todb what do ya mean "Stingray"?
$50-100k would be a bit overpriced for what I have in mind. But oh well, if Louis splad'ed its ass...
https://www.youtube.com/shorts/LhhLO7cgKMk
Are you Louis Johnson?

We have reached the logical conclusion of dependency management: https://malus.sh
MALUS - Clean Room as a Service | Liberation from Open Source Attribution

It's time for open source to retire | Hacker News