Tags are one of the main ways we use organize vulnerabilities in VHP.
Tags can be gathered automatically, or manually, or with a combination
of both. Here are a few different types of tags below.
Lesson tags are about broader lessons that can be
learned from that vulnerability. These are security principles
and engineering pitfalls that we believe should be taught to all
software engineers.
Discovered tags are about how the vulnerability was originally found.
Lifetime tags indicate how long we believe the vulnerability remained in the system.
CWE, or Common Weakness Enumeration, tags are
manually assigned by curators to describe the particular type of
vulnerability.
Subsystem tags are the curators' best efforts at
determining what part of the system this vulnerability
affected
.
Project tags are the case study the vulnerability is from.
Language tags are what type of source code was fixed.
Severity tags are based on the NVD's CVSS.
We're sorry, we had trouble loading the data...
Tags are sized by the number of times they have been applied. Tags with zero or one vulnerability are not shown.
The Vulnerability History Project
