Defining the properties of a high quality OSV record (for import by OSV.dev)

[Andrew Pollock]

Hello again,

Following up from my previous email, the draft definition of the properties of a high quality OSV record, which OSV.dev would in the future require for successful record import, is beginning to firm up in https://github.com/google/osv.dev/pull/2193 and is ready for broader feedback.

Please feel free to comment directly on the PR. We will be attending this week’s APAC-friendly OpenSSF Vulnerability Disclosures Working Group meeting if you’d like to discuss interactively, otherwise please feel free to engage on the pull request, via the OpenSSF Slack, or direct email.

regards

Andrew

--

Andrew Pollock Software Engineer, Google Open Source Security Team | apol...@google.com Google LLC

This email is confidential. If you are not the right addressee, please inform the sender and please erase this email including any attachments.