Regarding the new CVE prefix

[Tom Levy]

Hello, I have noticed that today there was a new batch of OSV entries that contained the new prefix "CVE".

Can you please clarify how you extract the information regarding this prefix?

Is that some sort of commit crawler which go through linux.git and find potential vulnerabilities?

Also, the unique ID number which attached to every OSV entry with the CSV prefix has some sort of meaning? is that a RESERVED CVE or just a unique number you using to distinct the entries, and doesn't have any sort of connection to actual CVEs.

Thanks, Tom.

[ochang]

Hi Tom,

Sorry for the very delayed reply -- I missed this message.

This data is from the DWF project: https://github.com/distributedweaknessfiling/dwflist, which has since moved to https://github.com/cloudsecurityalliance/security-database and switched to using IDs with "UVI-" prefixes. 

Cheers,

Oliver