Description
ATM in VCIO a vulnerability is an object created by the culmination of multiple advisories. We will use the NVD importer publish date as default for each vulnerability, in case an advisory from the NVD is not being used in that vulnerability we will use the most oldest publishing date from other importers' advisory.
Ways to achieve this:
-
1.) Store two DateTime fields in the vulnerability model,
nvd_published_dateandlatest_published_date. We will populatenvd_published_datewith the date/time of the NVD advisory publishing date and andlatest_published_datewill be keep changing as new advisories add any data in the Vulnerability, if we havenvd_published_datefor a vulnerability we will always use it as a default date. -
2.) For every vulnerability, get a list of advisories that have the aliases of that vulnerability. If any advisory from that list is from the NVD use that date otherwise use the oldest date of publish among those advisories
-
3.) Store a list of advisories that are used in the creation of that vulnerability in the Vulnerability model and compute the date of publish from that list of advisories. If any advisory from that list is from the NVD use that otherwise use the oldest date of publish among those advisories