(November 1 2022 Critical High vulnerabilities) tracking
This is the GitHub repository for the companion spreadsheet for fast tracking of information about the November OpenSSL 3 vulnerability.
- Orgs - companies, vendors, and other orgs, with public signals of potential vulnerability, blog links, KBs, etc.
- OS and Packages - tracking of operating systems and package frameworks
- Products - individual products, with both likely and confirmed OpenSSLv3 status as available - the NCSC-NL list is rapidly becoming more authoritative - focus your PRs there!
Any strong public signals of products or organizations being affected (or unaffected) are in scope.
Is this undue diligence? Perhaps. But even if this vulnerability is not widely exploitable, I'd "rather have and not need it than need it and not have it". Also, this work is now forward-ready for future vulnerabilities! 😛
Because GitHub limits the width of some data, it may be easiest to view the spreadsheet.
You can also install the Stylus and Widescreen for GitHub Chrome extensions for more real estate.
- If you're familiar with git, you can submit updates as PRs.
- Otherwise, you can open an issue or even (worst case) ping @TychoTithonus on Twitter or send an email.
- Push to GitHub Pages for better display and DataTables filtering
This information is part of an occasional series, The Story So Far. The recent entry about log4j was the only non-institutional resource included in CISA's official log4j guidance.