CVE Manager

Vulnerability management is a general term for the processes, tools, and mechanisms used by the openEuler community to detect, collect, handle, and disclose security vulnerabilities.

Obtain public vulnerability awareness information from cooperative vulnerability awareness systems, and use the robot to create and maintain vulnerability records in software package repositories on Gitee. After fixing vulnerabilities, start the general version build and release process and then the security notice release process. openEuler uses CVSS v3 for vulnerability scoring.

For the security of openEuler users, the openEuler community will not discuss, confirm, or disclose the security issues of an openEuler product until the vulnerability is investigated and resolved and the security notice is issued.

Feature description:

• Security notice: A security notice contains information related to the vulnerability, including the technical details, CVE number, CVSS rating, severity level, affected versions, and fixed versions.
• Subscription by email: The community also provides security notices in CVRF format.