Risk identification
by Sven Vermeulen, post on Thu 14 October 2010Risk identification is a difficult subject. Analysts need it to defend mitigation strategies or to suggest investments. Yet risk identification is often a subjective method, especially in the IT industry. How do you give a number on a certain risk? When do you believe that that number exceeds a threshold …
cvechecker 1.0 released
by Sven Vermeulen, post on Fri 01 October 2010With only a few small bugfixes between this release and the previous one, cvechecker 1.0 has finally been released. It runs fine on my few systems and I have not gotten any bugreports from other users anymore. It can definitely need more rules to identify installed software (those rules …
cvechecker 0.6 released
by Sven Vermeulen, post on Wed 08 September 2010This release makes me quite happy, because it resolves one major PITA I had (performance), but you know how things go. If it works fine for the developer, it's probably an abomination for the rest of the world. Anyhow, cvechecker version 0.6 is now available. It improves reporting performance …
cvechecker 0.5 released
by Sven Vermeulen, post on Thu 02 September 2010A new intermediate release of cvechecker is now released. The tool is reported to build properly on NetBSD and FreeBSD as well (although much user experience there is still welcome), introduces a cvereport command (example output), has lowered its initial dependency requirements and pullcves now only loads the CVE XML …
cvechecker 0.4 released
by Sven Vermeulen, post on Wed 25 August 2010Albeit with less updates than 0.3 had, cvechecker 0.4 brings in internal project files reorganization (more to the liking of the GNU autoconf/automake standards - I think), fixes a databaseleak (instead of memoryleak ;-) bug and introduces a teenie weenie bit more intelligent pullcves command (with multiple return code …
cvechecker userguide
by Sven Vermeulen, post on Sun 22 August 2010Just a quick note, I've created and uploaded the cvechecker userguide.
cvechecker 0.3 released
by Sven Vermeulen, post on Fri 20 August 2010Time for a new intermediate cvechecker release, so here it is. Changes include (beyond the usual bugfixes) different CSV output (with some sort of version support) so that it can be easily used for reporting purposes, removal of debugging/verbose items and added example files for reporting.
cvechecker 0.2 released
by Sven Vermeulen, post on Mon 16 August 2010I've made version 0.2 available of
cvechecker. It fixes some build
warnings and also supports the normal "make install" step. The
pullcves command now also pulls in the latest versions.dat
file.
Special thanks to Per Andersson for reporting that the ./configure
didn't fail if sqlite3 or libconfig wasn't …
cvechecker 0.1 released
by Sven Vermeulen, post on Sat 14 August 2010cvechecker version 0.1 is out. This is the first publicly available development release, so it's still far from production-ready yet. However, it is usable so it can now be publicly analyzed to remove all icky bugs and such. I'm not planning (m)any new features (apart from the reporting …
Linux Sea sources online, cvechecker still in development
by Sven Vermeulen, post on Fri 23 July 2010First of all, I've put the sources for Linux Sea online at GitHub. Not only does that safeguard any latest changes from not hitting my backup in time before my laptop dies (it's terminal, but I can't let him go yet ;-) but it also allows people who want to help …