{"id":39572,"date":"2021-02-11T09:30:04","date_gmt":"2021-02-11T09:30:04","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/"},"modified":"2021-02-11T09:30:04","modified_gmt":"2021-02-11T09:30:04","slug":"open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/","title":{"rendered":"Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present"},"content":{"rendered":"<p><span data-label=\"hands on\">Hands On<\/span> Google has big ambitions for its new Open Source Vulnerabilities database, but getting started requires a Google Cloud Platform account and there are other obstacles that may add friction to adoption.<\/p>\n<p>The Chocolate Factory is not happy with the state of open-source software security, which is a big deal not least because its own business and cloud platform depends on open-source code. The company wants to see more discipline and checks in critical open-source software, and <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/02\/04\/google_open_source_security\/\" rel=\"noopener noreferrer\">revealed<\/a> that it maintains its own private repositories for many projects to guard against compromised code or newly committed vulnerabilities.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",button,mpu,\" data-sm=\",button,mpu,\" data-md=\",button,banner_plus,mpu\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>One of the security team&#8217;s suggestions was for new ways to manage vulnerability data, including &#8220;precise vulnerability metadata from all available data sources.&#8221; It also wished for &#8220;better tooling&#8230; to understand quickly what software is affected by a newly discovered vulnerability.&#8221;<\/p>\n<p>The company has now answered the need, or so it hopes, by creating the <a target=\"_blank\" href=\"https:\/\/osv.dev\/\" rel=\"noopener noreferrer\">Open Source Vulnerabilities<\/a> (OSV) database and API, which lets developers or users of open-source projects query for flaws in the particular version they are using.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",button,mpu_plusplus,\" data-sm=\",button,mpu_plusplus,\" data-md=\",button,mpu_plusplus,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;For each vulnerability, we perform bisects to figure out the exact commit that introduces the bug, as well the exact commit that fixes it,&#8221; the docs explain. The database is small at the moment, being mainly based on Google&#8217;s own <a target=\"_blank\" href=\"https:\/\/github.com\/google\/oss-fuzz\" rel=\"noopener noreferrer\">OSS-Fuzz<\/a> project, which uses fuzzing, deliberately introducing random inputs for the purpose of finding bugs. The project has found more than 25,000 bugs in 275 open-source projects. In fact, Google originally created OSV specifically for OSS-Fuzz and these internal origins are evident in what has now been made public.<\/p>\n<div class=\"CaptionedImage Center Border\" readability=\"8\"><a href=\"https:\/\/regmedia.co.uk\/2021\/02\/10\/howosvworks.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2021\/02\/10\/howosvworks.png\" alt=\"A partly aspirational diagram of how Google intends OSV to work once hooked up to more than the in-house OSS-Fuzz project\" title=\"A partly aspirational diagram of how Google intends OSV to work once hooked up to more than the in-house OSS-Fuzz project\" height=\"282\" width=\"536\"><\/a><\/p>\n<p class=\"text_center\">A partly aspirational diagram of how Google intends OSV to work once hooked up to more than the in-house OSS-Fuzz project<\/p>\n<\/div>\n<p>One of the key features in OSV is the use of bisection, a technique for identifying which change to the code introduced a bug and which one fixed it. Google <a target=\"_blank\" href=\"https:\/\/security.googleblog.com\/2021\/02\/launching-osv-better-vulnerability.html\" rel=\"noopener noreferrer\">said<\/a> that open-source project maintainers &#8220;don&#8217;t always have the bandwidth to create and publish thorough, accurate information about their vulnerabilities even if they want to.&#8221; The idea is that simply providing a test case to OSV that reproduces the bug will be enough to narrow down the precise version of the code that is affected.<\/p>\n<p>Why bother with OSV when we have CVE (Common Vulnerabilities and Exposures), which has 148,882 records, many more than OSV, and is already embedded in the community? &#8220;We plan to aggregate existing vulnerabilities feeds (such as CVEs). OSV complements CVEs by extending them with precise vulnerability metadata and making it easier to query for them,&#8221; state the docs. Google&#8217;s security team considers that &#8220;versioning schemes in existing vulnerability standards (such as Common Platform Enumeration (CPE)) do not map well with the actual open source versioning schemes, which are typically versions\/tags and commit hashes. The result is missed vulnerabilities that affect downstream consumers.&#8221;<\/p>\n<p>It is early days and currently project maintainers cannot even edit or add to details in the database regarding their own code. &#8220;We are working on a way for project maintainers to edit relevant OSV vulnerabilities by creating a pull request,&#8221; the docs say.<\/p>\n<p>We followed the Getting Started instructions for querying the database, expecting an open API, but immediately landed in a Google-shaped world. In order to run queries, developers have to sign into Google, sign up for Google Cloud Platform, and create a Cloud Platform Project. Next, we had to join a Google Group from the same account, otherwise there is an error when attempting to call the API.<\/p>\n<div class=\"CaptionedImage Center Border\" readability=\"8\"><a href=\"https:\/\/regmedia.co.uk\/2021\/02\/10\/osv-example.png\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2021\/02\/10\/osv-example.png?x=648&amp;y=462&amp;infer_y=1\" alt=\"Once fully signed up, we were able to query the OSV API using curl\" title=\"Once fully signed up, we were able to query the OSV API using curl\" height=\"462\" width=\"648\"><\/a><\/p>\n<p class=\"text_center\">Once fully signed up, we were able to query the OSV API using curl<\/p>\n<\/div>\n<p>The next step is to create credentials for calling the API and copy the API key that is generated. At this point we had to decide whether to restrict use of the key to specified IP addresses or apps, or whether to allow unrestricted use. Once we had a key, we were able to add the API to the Cloud Platform Project in the same way that would be used for other Google APIs such as Maps, Cloud Vision, Speech to Text, Calendar or Sheets. Developers have to agree to the Google API Terms of Service. Finally, we were able to enable the API and call it with curl, getting details in JSON format of a Chromium bug.<\/p>\n<p>&#8220;The API key requirement is an unfortunate requirement but it&#8217;s necessary for the higher QPS [Queries per Second] allowed by the API and to prevent abuse,&#8221; <a target=\"_blank\" href=\"https:\/\/github.com\/google\/osv\/issues\/63#issuecomment-776277321\" rel=\"noopener noreferrer\">said<\/a> Google software engineer Oliver Chang.<\/p>\n<p>The problem with all the above is that the OSV comes across as a Google internal project which happens to be semi-public, rather than something that belongs to the open-source community. It seems curious that the company has not done this in association with the OpenSFF (Open Source Security Foundation), to which it belongs. Requiring users to sign up for Google Cloud Platform and jump through other hoops in order to query the database is not a great way to encourage adoption.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",button,dbutton,mpu_plus,dmpu,\" data-sm=\",button,dbutton,mpu_plus,dmpu,\" data-md=\",button,dbutton,mpu_plus,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener noreferrer\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Despite these reservations, the API looks good. Developer tools could use it to answer the specific question: what are the vulnerabilities in the exact versions of the open-source libraries in use by this application? Its usefulness though will depend on attracting broad support, so these early obstacles are unfortunate. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2021\/02\/11\/google_osv_database\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google Cloud Platform account required, API key comes with Ts&amp;Cs Hands On\u00a0 Google has big ambitions for its new Open Source Vulnerabilities database, but getting started requires a Google Cloud Platform account and there are other obstacles that may add friction to adoption.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-39572","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-11T09:30:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present\",\"datePublished\":\"2021-02-11T09:30:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/\"},\"wordCount\":903,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/\",\"name\":\"Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-02-11T09:30:04+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/","og_locale":"en_US","og_type":"article","og_title":"Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-02-11T09:30:04+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present","datePublished":"2021-02-11T09:30:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/"},"wordCount":903,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/","url":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/","name":"Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-02-11T09:30:04+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2YClb9eysHkOOOeHTv7t-XgAAAFU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/open-source-vulnerabilities-database-nice-idea-but-too-many-google-shaped-hoops-to-jump-through-at-present\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Open Source Vulnerabilities database: Nice idea but too many Google-shaped hoops to jump through at present"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39572","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39572"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39572\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39572"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39572"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39572"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}