An open project to enumerate all known cloud vulnerabilities and CSP security issues
The vulnerability data in this GitHub repository is automatically derived to cloudvulndb.org
Security bugs in Cloud services tend to fall between the cracks, as they don’t fit well into the current shared responsibility model of cloud security. Remediation often requires a joint effort between both the CSP and their customers.
There is currently no universal standard for cloud vulnerability enumeration – CSPs rarely issue CVEs for security mistakes discovered in their services, there are no industry conventions for assessing severity, no proper notification channels and no unified tracking mechanism – this leads to a great deal of inefficiency and confusion. Our goal is to pave the way for a centralized cloud vulnerability database, by cataloging CSP security mistakes and listing the exact steps CSP customers can take to detect or prevent these issues in their own environments. We believe this project can prove the utility of a cloud VDB, bring more transparency into these issues, and ultimately make the cloud even more secure.
Please make sure that your contributions match our criteria for inclusion, and follow these guidelines:
- Written in the CVDB YAML format.
- Include public references (as URLs).
- Give credit.
- Use respectful language (avoid disparaging CSPs, vendors or researchers).
- Provide clear and detailed descriptions of the issue.