Open Cloud: Vulnerability & Security Issue Database

guest · Aug 7, 2022

An open project to list all known cloud vulnerabilities and Cloud Service Provider (CSP) security issues
August 8, 2022

Numerous vulnerabilities also lurk in the cloud, and administrators of cloud solutions should address the issue. But where can you get an overview of security risks or even vulnerabilities in relation to the various cloud providers? There is an Open Cloud project, which started at the end of June 2022 and aims to make security vulnerabilities in cloud services public.

I had noticed this in time, but only now find the opportunity to briefly mention it here in the blog. The following tweet points to the offer of The Open Cloud Vulnerability & Security Issue Database.
Click to expand...

Maybe just take a look at this database to get a chance to get an overview about cloud vulnerabilities.
Click to expand...

guest · Aug 8, 2022

The Open Cloud Vulnerability & Security Issue Database (Open CVDB)
Website (GitHub)
About

Mission Statement
Security bugs in cloud services tend to fall between the cracks, as they don’t fit well into the current shared responsibility model of cloud security. As a result, remediation of cloud security vulnerabilities often requires a joint effort between both the CSP and their customers.

There is currently no universal standard for cloud computing vulnerability enumeration – CSPs rarely issue CVEs for security mistakes discovered in their services, there are no industry conventions for assessing severity of cloud vulnerabilities, no proper notification channels and no unified tracking mechanism – this leads to a great deal of inefficiency and confusion surrounding cloud vulnerability management.

Our goal in this project is to pave the way for a centralized cloud vulnerability database, by cataloging CSP security mistakes and listing the exact steps CSP customers can take to detect or prevent these issues in their own environments.
We believe this project can prove the utility of a cloud vulnerability database, bring more transparency into these issues, and ultimately make the cloud even more secure.
Click to expand...

Criteria
We define the following criteria for inclusion in this database:

Publicly known cloud vulnerabilities or security issues in cloud services;

With or without an assigned CVE;

That had a proven actual or potential impact on cloud customers;

And required remediation actions on either side of the shared responsibility model.

Click to expand...

Examples include:

Security issues in default misconfigurations

Vulnerabilities in CSP-provided client software

Click to expand...

Log in or Sign up

Open Cloud: Vulnerability & Security Issue Database

guest Guest

guest Guest

Log in or Sign up

Open Cloud: Vulnerability & Security Issue Database

guest Guest

guest Guest

Useful Searches