Should we consider adding web3 vulnerabilities classification? #69

Open
mattaereal opened this issue Sep 26, 2024 · 3 comments
Labels
collab (Content suggestion or request), help wanted (Extra attention is needed), question (Further information is requested)

Comments

@mattaereal
Collaborator

What content are you looking to add?

A web3 vulnerabilities classification.

Why do you think it is important?

Most of the current ones are outdated or unmaintained afaik. Maybe if this lives inside the repo, it might have a better chance to keep it updated.

Can you cite resources where to base the content from?

https://swcregistry.io/
https://securing.github.io/SCSVS/
https://github.com/sigp/solidity-security-blog
https://dl.acm.org/doi/fullHtml/10.1145/3391195#sec-9
https://nvd.nist.gov/vuln/detail/CVE-2023-40014

@mattaereal added the collab (Content suggestion or request), help wanted (Extra attention is needed), and question (Further information is requested) labels Sep 26, 2024

@pcaversaccio

For further reference, see here the previous discussion between @kajaaz and myself.

@Robert-MacWha
Contributor

Oh yes let's do this.

I imagine ISAC already has some schema in use. I'll go ask about it, but if not this could be a very helpful thing for SEAL to maintain.

@mattaereal
Collaborator Author

I'd only like to clarify that in the conversation @pcaversaccio had with @kajaaz, kaj was more inclined toward having something to categorize vulnerabilities as in CVE-style. That is out of the scope of frameworks, but @pcaversaccio and I agreed that it might be a good idea that frameworks hold the categorization upon which someone else can create this other different product.

It might be a separate initiative, who knows?
