CVE Bin

Published: Mon 21 October 2024

In misc.

CVE Bin

So we'll get this out of the way first: CVE Bin is thought of as a bin for CVE data. Now some places may have different connotations for what a bin is/isn't, so I'll leave that up to the user to decide which this really is.

However what is CVE Bin? * A downloaded copy of the NIST CVE databases * This data is fully mirrored worldwide * It should stay consistent-ish should NIST change the access method for the database to exclusively using the API

How do I find / look at the mirror data on cveb.in?

How do I access the mirror files?

I'm curious and nosey, how do I look at the mirrorlist data?

Fairly easy, though it's not pretty:

  • add '?mirrorlist' to the end of the url from the mirror files

Ok you aren't mandating https that's an issue right?

The files are signed, if you care about their validity that's frankly a more reasonable way of confirming it.

Ok where do I find the signing key for verification?

NIST

Seriously, we are not associated with NIST at all. They might, possibly, know of the existence of this but we are not run by, endorsed by, acknowledge by, nor anything else by NIST.

I mean, we'd be happy if any of the above changed, but I doubt it. We are an independent entity that just happens to have a different skill set, and knows how to deal with large scale content distribution. The CVE Database itself is important, and thus we have taken it upon ourselves to make it as trivially and as rapidly accessible as possible.

links

social