Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CPEs missing for some vulnerabilities #54

Open
aep7128 opened this issue May 26, 2023 · 2 comments
Open

CPEs missing for some vulnerabilities #54

aep7128 opened this issue May 26, 2023 · 2 comments
Labels
bug Something isn't working enhancement New feature or request medium priority Mark the issue as a medium priority task

Comments

@aep7128
Copy link
Contributor

aep7128 commented May 26, 2023
edited
Loading

We compare with NVD's CPE dictionary to check if the generated CPE actually exists.
This has been preventing some CPEs from being stored.
Let's not check against the dictionary anymore and see if we can just generate them either way.
@aep7128 aep7128 added bug Something isn't working enhancement New feature or request medium priority Mark the issue as a medium priority task labels May 26, 2023
@aep7128 aep7128 self-assigned this May 26, 2023
@aep7128
Copy link
Contributor Author

aep7128 commented May 31, 2023
edited
Loading

This is likely because of 2 things:
1.) The product extractor has a hard cap of 1000 CVEs per run, any run that finds more than 1000 CVEs won't guarantee CPEs for all CVEs found
2.) the model's accuracy is a bit questionable. From testing in staging, the model failed to find CPEs for over 3000 CVEs, which is almost half of the total CVEs found.

Could also be related to this issue: https://github.com/orgs/SoftwareDesignLab/projects/1/views/1?pane=issue&itemId=29267289

@aep7128 aep7128 removed their assignment May 31, 2023
@aep7128
Copy link
Contributor Author

aep7128 commented Jun 9, 2023

Might be fixes w/ product extraction tasks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working enhancement New feature or request medium priority Mark the issue as a medium priority task
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aep7128