- User[1] self-registration, creation and validation
- Registration is done by a user with an email validation
- Creation can also be done by an admin user instead of self-registration
- Self-registration is optional and can be activated with a flag
- Validation of each user registration is done by an admin
- Password reset procedure is included in the portal (encrypted if a PGP key is set by the user)
- Each user can create one or more monitoring CPE notifications
- The creation of a monitoring feed is based on the CPE values available from the cve-search back-end
- The cve-portal is designed to be independent from the back-end (cve-search)
- The user can select from vendor name, product name or even version. CPE patterns can be partial patterns like cisco:webex
- The user can create one or more notification destination(s)

[1] Users are composed of an email address (required), an affiliation (optional), a full name (required) and a PGP key (optional).
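To illustrate the partial CPE patterns mentioned above (such as cisco:webex), here is an added example, not code from cve-portal or cve-search. It assumes a pattern has the form `vendor[:product[:version]]`, that CPEs are CPE 2.2 URIs, and that fields are compared exactly; the function names and sample CPEs are hypothetical.

```python
# Added example: partial CPE pattern matching for a notification rule.
# Assumption: patterns are "vendor[:product[:version]]" and CPEs are
# CPE 2.2 URIs ("cpe:/part:vendor:product:version:..."); an empty or
# missing pattern field matches anything.
import re

# Reject anything outside the CPE field character set before the
# user-supplied pattern is used to select back-end values.
_FIELD = re.compile(r"^[a-z0-9._\-~%]*$")


def parse_pattern(pattern):
    """Validate user input and return (vendor, product, version)."""
    fields = pattern.strip().lower().split(":")
    if len(fields) > 3 or not any(fields):
        raise ValueError("expected vendor[:product[:version]]")
    for field in fields:
        if not _FIELD.match(field):
            raise ValueError("illegal character in %r" % field)
    return tuple(fields + [""] * (3 - len(fields)))


def cpe_matches(pattern, cpe_uri):
    """True if the CPE 2.2 URI falls under the partial pattern."""
    if not cpe_uri.lower().startswith("cpe:/"):
        return False
    parts = cpe_uri[5:].lower().split(":")  # part, vendor, product, version...
    target = (parts[1:4] + ["", "", ""])[:3]
    return all(want == "" or want == have
               for want, have in zip(parse_pattern(pattern), target))


def select(pattern, cpes):
    """Return the CPEs a notification with this pattern would cover."""
    return [c for c in cpes if cpe_matches(pattern, c)]


# Constructed sample values, not taken from a real cve-search instance.
SAMPLE_CPES = [
    "cpe:/a:cisco:webex:1.0",
    "cpe:/a:cisco:webex:2.0:sp1",
    "cpe:/a:cisco:webex_meetings_server:2.5",
    "cpe:/o:cisco:ios:15.1",
    "cpe:/a:microsoft:office:2013",
]

if __name__ == "__main__":
    for p in ("cisco", "cisco:webex", "cisco:webex:2.0", ":ios"):
        print("%s -> %s" % (p, select(p, SAMPLE_CPES)))
```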
- The development must be in Python 2 (at least)
- The web interface must use the Flask framework and Bootstrap CSS (plugins and extensions are allowed as long as security impact is reviewed)
- The development will take place on GitHub under a public account provided by CIRCL
- Security of the web application is vital and constant attention to security details is required
- Password information must be stored in a secure format (bcrypt-like)