Skip to content

An open project to list all publicly known cloud vulnerabilities and CSP security issues

Notifications You must be signed in to change notification settings

blakedunson/open-cvdb

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

The Open Cloud Vulnerability & Security Issue Database ☁️⚠️

An open project to list all publicly known cloud vulnerabilities and CSP security issues

Changes and additions to this GitHub repository are automatically reflected at cloudvulndb.org.

Background

Security bugs in Cloud services tend to fall between the cracks, as they don’t fit well into the current shared responsibility model of cloud security. As a result, remediation often requires a joint effort between both the CSP and their customers.

There is currently no universal standard for cloud vulnerability enumeration – CSPs rarely issue CVEs for security mistakes discovered in their services, there are no industry conventions for assessing severity, no proper notification channels and no unified tracking mechanism – this leads to a great deal of inefficiency and confusion.

Our goal in this project is to pave the way for a centralized cloud vulnerability database, by cataloging CSP security mistakes and listing the exact steps CSP customers can take to detect or prevent these issues in their own environments.

We believe this project can prove the utility of a cloud vulnerability database (VDB), bring more transparency into these issues, and ultimately make the cloud even more secure.

This project was built on the foundations of Scott Piper’s “Cloud Service Provider security mistakes”, and as of June 28th, 2022, all content included here originally appeared in that repository.

Contribution guidelines

To contribute a new issue or suggest an edit to an existing one, please add a commit and our maintainers will review it for merging within a few days (but usually sooner). The changes will then automatically be reflected at cloudvulndb.org.

cloudvulndb.org is automatically updated according to changes made to this repository

Please make sure that your contributions match our criteria for inclusion, and follow these guidelines:

  1. Use the CVDB YAML format.
  2. Include public references (as URLs).
  3. Provide a clear and detailed description of the issue.
  4. Give the issue a descriptive and non-generic title.
  5. Give proper credit to the researchers involved in the discovery.
  6. Use respectful language (avoid disparaging CSPs, vendors or researchers).

Contact Us

To learn more about the Open CVDB and cloud vulnerabilites, watch the project maintainers talk at fwd:cloudsec 2022

About

An open project to list all publicly known cloud vulnerabilities and CSP security issues

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published