Note: This project will be discontinued after December 13th, 2021.
- Bootstrapping problem - Vulncode-DB ’s usefulness depends on having unique content. We can automatically detect some vulnerability patches via CVE/NVD metadata. We can also highlight relevant sections and annotate them in a write-up fashion. We also allow users to modify or annotate content themselves. However, this by itself is insufficient to make anyone use the platform. You need much and high-quality data first to make this useful, which a prototype like ours can’t attain at this stage without extensive investment.
- Lack of community support - While there was some positive feedback there have been only a few contributors. The platform and vision seem to be inadequate to get more practical support.
- Insufficient resources - Developing the platform and for example a feature like a version control system for user moderated content similar to Wikipedia requires much engineering work for which we, as 20% contributors, are understaffed.
- Added value unknown - Even if all of the above would be solved it’s still unclear whether the platform would provide sufficient value for individuals to justify a dedicated project. You can go to CVE details or Google for write-ups to learn more about a vulnerability. This is an established habit, hard to break and might already be good enough for individuals to learn more.
How and when?
- The repository at https://github.com/google/vulncode-db will be kept alive. However, we’ll discontinue the https://vulncode-db.com website and API after December 13th, 2021.
Do you have feedback/ideas for how it should be continued?
- We’re open to feedback, let’s talk! You can reach us via https://twitter.com/evonide (rhabalov [at] gmail.com) or https://twitter.com/bluec0re.
Finally, thank you to all contributors and individuals who supported the project. We are very grateful for your support, time and feedback.
Ruslan and Timo