Dear Black Duck Team,
As a follow-up to: http://blog.openhub.net/2016/10/project-security/
Congrats on the initiative! This is quite a challenge and will be great to improve security in the Free / Libre / Open Source ecosystem. It's a fantastic complement to the existing data.
How do we report incomplete or incorrect data? Perhaps this could be added to the excellent description at: http://blog.openhub.net/about-pvr/
Please see an example of incorrect source data: https://tiki.org/Open+Hub+Project+Vulnerability+Report
Thank you so very much! This is very helpful. I'll open a ticket so we can look into this and double check the data we are receiving, how we are processing it, and how we are reporting / displaying it.
Thank you for your post. Yes, it has been fixed and it's LIVE now.
Happy to help!
Thanks Rapbhan and Peter. That indeed added a whole bunch of missing data points.
I added some more feedback here:
I hope you are well.
The data is still incorrect, which leads to the assertion of "Many reported vulnerabilities" here:
Please see release dates here: https://tiki.org/All+Releases
I added some more feedback here: https://tiki.org/Open+Hub+Project+Vulnerability+Report#FeedbackRound2
Marc Laporte - http://wikisuite.org/
Thanks for the feedback, Marc. I'll be bringing this up with our Knowledge Base team, from whom we obtain the raw data that we process into these reports.
We really dug into this and put the results in a blog post Researching Project Security Data.