Inspiration
The NCSC's blog post describing a new method of evaluating vulnerabilities as 'forgivable' or 'unforgivable', and bad stories of independent security researchers submitting bugs to bounty programs only for the organisation to take months to respond with a patch.
What it does
Takes CVEs and bug bounty data from popular sites and visualises them with graphs.
How we built it
Python Flask backend. MongoDB cloud. React frontend.
Challenges we ran into
API rate-limiting and pagination meant we couldn't follow our original plan of just storing lots of JSON files. We overcame this with MongoDB and caching recent searches.
Accomplishments that we're proud of
Used the cvedetails.com API to get vulnerabilities for software products. Visualised the data in a time series line graph.
What we learned
Solving the "it works on my machine" problem can be hard.
What's next for CVE Beautify
Extract keywords from vulnerability summaries to understand which parts of a product's code are often at fault. Provide links to GitHub history for open source software that fixed the vulnerability.