Hi Tushar, Thanks for reaching out and your interest into our CVSS scoring. Right now I couldn't find any license reference to the YAML file you've linked, but it should be the same as our OVAL data that is under the Creative Commons License 4.0 with Attribution (CC-BY-4.0), and also includes the CVSS score. https://www.suse.com/support/security/oval/ I try to find out about the YAML file as well, but this could take a couple days. Best regards, Alex~ On Tue, Jan 10, 2023 at 01:05:23PM -0000, Tushar Goel wrote:
Hey,
We would like to integrate the suse backport [1][2] and suse scoring [3][4] data in vulnerablecode [5] which is a FOSS db of FOSS vulnerability data. We were not able to know under which license this security data comes. We would be grateful to have your acknowledgement over usage of the suse security data in vulnerablecode and have some kind of licensing declaration from your side. [1] - http://ftp.suse.com/pub/projects/security/yaml/ [2] - https://github.com/nexB/vulnerablecode/pull/1053 [3] - https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml [4] - https://github.com/nexB/vulnerablecode/pull/1050 [5] - https://github.com/nexB/vulnerablecode
Regards,
--
Alexander Bergmann