Skip to content

Latest commit

 

History

History
35 lines (23 loc) · 3.14 KB

README.md

File metadata and controls

35 lines (23 loc) · 3.14 KB

The Open Cloud Vulnerability & Security Issue Database ☁️⚠️

An open project to list all publicly known cloud vulnerabilities and CSP security issues

Changes and additions to this GitHub repository are automatically reflected at cloudvulndb.org.

Background

Security bugs in Cloud services tend to fall between the cracks, as they don’t fit well into the current shared responsibility model of cloud security. As a result, remediation often requires a joint effort between both the CSP and their customers.

There is currently no universal standard for cloud vulnerability enumeration – CSPs rarely issue CVEs for security mistakes discovered in their services, there are no industry conventions for assessing severity, no proper notification channels and no unified tracking mechanism – this leads to a great deal of inefficiency and confusion.

Our goal in this project is to pave the way for a centralized cloud vulnerability database, by cataloging CSP security mistakes and listing the exact steps CSP customers can take to detect or prevent these issues in their own environments.

We believe this project can prove the utility of a cloud vulnerability database (VDB), bring more transparency into these issues, and ultimately make the cloud even more secure.

This project was built on the foundations of Scott Piper’s “Cloud Service Provider security mistakes”, and as of June 28th, 2022, all content included here originally appeared in that repository.

Contribution guidelines

To contribute a new issue or suggest an edit to an existing one, please add a commit and our maintainers will review it for merging within a few days (but usually sooner). The changes will then automatically be reflected at cloudvulndb.org.

cloudvulndb.org is automatically updated according to changes made to this repository

Please make sure that your contributions match our criteria for inclusion, and follow these guidelines:

  1. Use the CVDB YAML format.
  2. Include public references (as URLs).
  3. Provide a clear and detailed description of the issue.
  4. Give the issue a descriptive and non-generic title.
  5. Give proper credit to the researchers involved in the discovery.
  6. Use respectful language (avoid disparaging CSPs, vendors or researchers).

Contact Us

To learn more about the Open CVDB and cloud vulnerabilites, watch the project maintainers talk at fwd:cloudsec 2022