Hi,
Per Smith's excellent question about how to find information about
Bluetooth and other network protocol and operating system new
vulnerabilities, during our IDS session yesterday at the Joint PWG/OP
Summit Virtual F2F May 2021:
https://us-cert.cisa.gov/ncas/bulletins
Note that CVEs (Common Vulnerabilities and Exposures) each have a
CVSS (Common Vulnerability Scoring System) rating (scroll down below
to see the v2.0 and v3.0 ranges):
https://nvd.nist.gov/vuln-metrics/cvss
The CISA weekly bulletins still use the CVSS v2.0 scheme, while the NVD
(National Vulnerability Database) and most vendor reports use the newer
CVSS v3.0 scheme (more rigorous):
<goog_476697645>
https://nvd.nist.gov/
It's worthwhile scanning the weekly CISA bulletins, but they do typically
list several hundred new vulnerabilities every week! So scanning takes
an hour or more.
At the SAE Vehicle Electrical System Security (TEVEES18) bi-weekly
calls, the first 15-20 minutes are highlights from the two most recent
CISA bulletins (ones that clearly impact recent automobiles). That's
the most lively and valued part of the news items in that meeting.
Cheers,
- Ira
*Ira McDonald (Musician / Software Architect)*
*Chair - SAE Trust Anchors and Authentication TF*
*Co-Chair - TCG Trusted Mobility Solutions WG*
*Co-Chair - TCG Metadata Access Protocol SG*
*Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer
Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF
Designated Expert - IPP & Printer MIBBlue Roof Music / High North
Inchttp://sites.google.com/site/blueroofmusic
<http://sites.google.com/site/blueroofmusic>http://sites.google.com/site/highnorthinc
<http://sites.google.com/site/highnorthinc>mailto: blueroofmusic at gmail.com
<blueroofmusic at gmail.com>(permanent) PO Box 221 Grand Marais, MI 49839
906-494-2434*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ids/attachments/20210507/b6abc380/attachment.html>