Added Mozilla data - larger policy clarification needed

1 view
Skip to first unread message

Kurt Seifried

unread,
Sep 13, 2022, 11:28:19 AMSep 13
to GSD Discussion Group
The scripts are at: https://github.com/kurtseifried/gsd-data-enrichment/tree/main/mozilla

it dumps the Mozilla data (conveniently: a CVE formatted JSON feed) into the namespaces:mozilla.org space.

Which leads to a thought: 

I'd like to suggest we make it official policy that third parties (e.g. me, random people) can dump data to a namespace (e.g. cisa.gov, mozilla.org) if the source of that data is public (e.g. a JSON feed, web pages), and the scripts/programs doing it are open source (so we can grab a copy/run it ourselves if need be) and the data is either already in JSON format or can be easily/cleanly converted into JSON (ideally in OSV format, but other formats are fine as long as it's consistent). 

This way the GSD doesn't add to the workload of third parties, or wait for them to do the work and build integrations. Essentially the projects that provide clean data feeds are welcome to push it to us, but if they are too busy/etc. the GSD can pull it in, and we also allow third parties to pull and push it into the GSD (as long as we can ensure it's "clean").



Kurt Seifried (He/Him)
Chief Blockchain Officer and Director of Special Projects
Cloud Security Alliance
Reply all
Reply to author
Forward
0 new messages