Component¶
In the context of the Vilocify service, a component can be any piece of software (both open source and commercial off-the-shelf), hardware, or combination thereof. Components can be e.g.
- operating systems like Microsoft Windows 10 or Red Hat Enterprise Linux Server 7
- software libraries like OpenSSL 1.0.2n or GNU Gzip 1.9
- specific hardware like Fujitsu Primergy RX300 S2 Server or Cisco Catalyst 3750 Series Switches
- combinations of hardware and software (when they are provided by the same vendor) like Cisco IOS on Catalyst 2960-XR Series Switches 15.x or Juniper Junos OS on SRX5800 Platform
- cloud components, for which the vendor is releasing security-related information like e.g. Amazon AWS CloudFront
The full list of components currently monitored by the Vilocify service can be found in the components section of the Vilocify Portal, additionally we also offer a REST API. Components in the Vilocify database have (amongst others) the following attributes:
- Vendor: The company, organization, open-source community, or author of the desired component.
- Component Name: The name used to describe the software/hardware component as given by the vendor.
- Version: The specific version of the software/hardware. Additionally, the Vilocify service monitors wildcard components, which group a specific range of versions. For example the wildcard version 2.x monitors all versions between version 2.0 (including) and version 3.0 (not including). Furthermore, All Versions components represent every subsequent version from the time the All Versions component is added to the Vilocify monitoring database.
- URL Link to the official vendor's page for the component.
- Monitored Since: The date since when the component has been added to the Vilocify monitoring service. This means that any vulnerabilities disclosed before that date might not be assigned to that component.
- EOL: End of Life, stating whether support for a component has been discontinued by its vendor. Generally no security updates can be expected for components marked as EOL. Not all vendors provide EOL information for their products. Thus, components without an EOL date are not necessarily still supported. Vilocify provides support information on a best-effort basis. Components are marked as EOL only when an official vendor statement exists, meaning that the support status is not automatically derived from e.g. the age of a component or the existence of newer versions.
Components in the Vilocify database are subject to regular reviews and quality checks. While small corrections of single attributes might occur, a registered component will never be updated in such a way that it represents a semantically different one. In case logical duplicate components are detected, one will be deactivated and replaced by the other. All resources (monitoring lists, existing notifications, API responses, etc.) will be automatically updated accordingly.