Page MenuHomeMiraheze

Subscribe SRE to OpenCVE for notifications
Open, NormalPublic

Description

The person on SRE duty (and to a lower extent other SREs as well) was tasked with monitoring the mailing lists and other sources for new CVEs that are relevant for Miraheze. By discovering vulnerabilities in a timely, we can start mitigating the risks soon enough to be ahead of attackers exploiting vulnerabilities in the wild.

Manually monitoring for new CVEs is cumbersone and prone to human error, even though we're subscribed to multiple mailing lists. It pleases me to see services such as https://www.opencve.io/welcome: notifying you of new CVEs based on conditions imposed by Miraheze, for example, match any CVE mentioning 'MediaWiki' or 'MariaDB'.

Tagging on the general SRE dashboard since this is relevant for both teams. Question for you: should we try this service?

Event Timeline

Southparkfan triaged this task as Normal priority.Tue, Mar 30, 21:52
Southparkfan created this task.

Just noting that it's been decided to discontinue SRE duty due to the new team system and it didn't seem to be functioning anymore. The dashboard and links we've compiled have still been kept though as they're useful.

Just noting that it's been decided to discontinue SRE duty due to the new team system and it didn't seem to be functioning anymore. The dashboard and links we've compiled have still been kept though as they're useful.

Sorry for that incorrect wording, was tasked.

It looks like a useful service, so we should definitely give it a try and see from a security perspective.