This task is identified by as the content contains sensitive information such as code security bugs, privacy leaks, etc., so it is only accessible to contributors of this repository.
1, Explanations for some CVEs is not clear (esp. in Chinese), some details are removed compared with NVD descriptions. Hope to keep enough details to assist tracing CVE info later.
2, For patches: a brief description of solution may be NOT enough; it would be better to give detailed info about reasoniong, solution, remaining issues and future solutions. This can help OSV decide whether to accept the patch or not, or even suggest a better solution. (Do not care about the disk space needed. More info is more valuable.)
3, It would be better if the CVE info can be updated in time (or more frequently), so they can indicate the real problems in the system.
4, Sugegstion: give a chart or description about CVE handling process in HOME page of security SIG (if it already exists, please move it to the security HOME page.)
1, Explanations for some CVEs is not clear (esp. in Chinese), some details are removed compared with NVD descriptions. Hope to keep enough details to assist tracing CVE info later.
2, For patches: a brief description of solution may be NOT enough; it would be better to give detailed info about reasoniong, solution, remaining issues and future solutions. This can help OSV decide whether to accept the patch or not, or even suggest a better solution. (Do not care about the disk space needed. More info is more valuable.)
3, It would be better if the CVE info can be updated in time (or more frequently), so they can indicate the real problems in the system.
4, Sugegstion: give a chart or description about CVE handling process in HOME page of security SIG (if it already exists, please move it to the security HOME page.)
1, Explanations for some CVEs is not clear (esp. in Chinese), some details are removed compared with NVD descriptions. Hope to keep enough details to assist tracing CVE info later.
2, For patches: a brief description of solution may be NOT enough; it would be better to give detailed info about reasoniong, solution, remaining issues and future solutions. This can help OSV decide whether to accept the patch or not, or even suggest a better solution. (Do not care about the disk space needed. More info is more valuable.)
3, It would be better if the CVE info can be updated in time (or more frequently), so they can indicate the real problems in the system.
4, Sugegstion: give a chart or description about CVE handling process in HOME page of security SIG (if it already exists, please move it to the security HOME page.)
1, Explanations for some CVEs is not clear (esp. in Chinese), some details are removed compared with NVD descriptions. Hope to keep enough details to assist tracing CVE info later.
2, For patches: a brief description of solution may be NOT enough; it would be better to give detailed info about reasoniong, solution, remaining issues and future solutions. This can help OSV decide whether to accept the patch or not, or even suggest a better solution. (Do not care about the disk space needed. More info is more valuable.)
3, It would be better if the CVE info can be updated in time (or more frequently), so they can indicate the real problems in the system.
4, Sugegstion: give a chart or description about CVE handling process in HOME page of security SIG (if it already exists, please move it to the security HOME page.)
1, Explanations for some CVEs is not clear (esp. in Chinese), some details are removed compared with NVD descriptions. Hope to keep enough details to assist tracing CVE info later.
2, For patches: a brief description of solution may be NOT enough; it would be better to give detailed info about reasoniong, solution, remaining issues and future solutions. This can help OSV decide whether to accept the patch or not, or even suggest a better solution. (Do not care about the disk space needed. More info is more valuable.)
3, It would be better if the CVE info can be updated in time (or more frequently), so they can indicate the real problems in the system.
4, Sugegstion: give a chart or description about CVE handling process in HOME page of security SIG (if it already exists, please move it to the security HOME page.)