The Nexus Community “Members Only” area contains extensive video galleries, including Tips and Tricks with Nexus Professional and CLM by Brian Fox. Here’s an example from the Tips and Tricks series, “How CLM Make NVD Data More Useful”. Join the community to gain immediate access to the complete “Nexus Live” series.
From Brian Fox
Part of the curation that we do when we get the vulnerability is we trace it down to the root cause as best as we can. Usually, that will trace it down to the affected class files. By tracing it to the class files, we find out which component is broken.
The curation that we do to take these vulnerabilities and apply them specifically to the affected components is really the only way to make this information actionable from a developer’s standpoint. There’s an impedance mismatch between the things that get reported in NVD and the things that the developers are actually choosing to use.