REQUEST: Add project Robot Vulnerability Scoring System (RVSS) #5
Comments
I don't mind extending the existing source code and rossifying it (ROS 2) however I'd first prefer to receive approval that the request is sound and fits within the goals of the WG. In fact @ros-security/approvers and @ros-security/reviewers, would it maybe be more appropriate to build it within the ROS 2 CLI in the following form?
👍 to that. Chatting with @kyrofa there is definitely interest in looking closer at all the work you guys have been doing and particularly RVSS. Would you (Alias) be interested in presenting the RVSS project in more detail during a WG meeting?
A ros2cli integration would be a nice way to bring it in the ROS 2 ecosystem 👍
Great to hear that @mikaelarguedas!
No problem! I think 15-20 mins will do including a few demonstrations with real vectors. Added it to the agenda next 31st. Resources available at https://github.com/aliasrobotics/RVSS (paper).
Can you elaborate more on this @mikaelarguedas? This sounds like the easiest way to go. Can you walk me through what's on your mind for the sros2 extensions? Do you have a sketch or prototype? Happy to work together on this. Thinking about this though, the following questions popped:
As the meeting on the 31st is the last one before feature freeze for Foxy, we may have a LOT of stuff to discuss to make sure we wrap up all the pending development in time (sros2 changes for rmw_contexts, secure logging plugin for Fast-RTPS, support for security in cyclonedds, API cleanup for sros2...). So it may be better to schedule it after Foxy wrap-up to make sure to leave enough time and brainspace to have a meaningful discussion. I'm actually leaning towards a dedicated meeting to make sure other items don't come cutting this discussion short.
To be fair I haven't thought about how a plugin system for I think in either case the goal would be to not have a separate
All right, let's plan for a later session then :).
@vmayoral now that Foxy is out the door, would you be up for presenting RVSS at the next Security WG meeting (June 23rd)? To be clear, no vote will be happening at that meeting, we're just looking to learn more about it to inform such a vote.
Very well, let's move the conversation over there.
This hasn't been updated since last year. Things that have happened:
No updates on this so far so I'm temporarily closing this ticket to keep things tidy.
Description
The present project focuses upon creating an open and free to access Robot Vulnerability Scoring System (RVSS) that considers major relevant issues in robotics including a) robot safety aspects, b) assessment of downstream implications of a given vulnerability, c) library and third-party scoring assessments and d) environmental variables such as time since vulnerability disclosure or exposure on the web.
See mikaelarguedas/rep#1 (comment).
Shortly, empower roboticists with better, more adequate (in the robotics context) severity scoring mechanisms.
See https://arxiv.org/pdf/1807.10357.pdf for more.
Existing URL
https://github.com/aliasrobotics/RVSS
Requirements
- Builds on ROS 2 master with no warnings, not built as a ROS package ATM
- colcon test runs successfully
Sponsors (if applicable)