A - CVE Crunch: Opt-in scanner/GitHub → NVD validation → GHSC model & verification UI/API

[DonnieBLT]

Idea A — CVE Detection & Validation Pipeline

One line: Opt-in pipeline from scanner/GitHub → NVD validation → GHSC model and verification UI/API.

Description: Discovers CVE-related contributions from webhooks and scanner output (e.g. Buttercup), validates against NVD, deduplicates and scores findings, and exposes them via a maintainer verification dashboard and REST API. Post-disclosure only; no raw exploit storage. Foundation for downstream rewards and education.

[S3DFX-CYBER]

@Pritz395 how would u mitigate the risks , the project is solid but risk is high

[Nachiket-Roy]

Rather than building a scanner, we should focus on verifying post-disclosure security contributions and rewarding them (BACON, perks, tiers) through a zero-trust, event-driven ledger system.

[DonnieBLT]

Could this be part of the CVE Mirror ? I think maybe this could be a feature of BLT Core

[Nachiket-Roy]

Yeah we can make CVE mirror idea as core rather than scanning

[Pritz395]

I created another project called the CVE Remediation Pipeline (Project M Mix Feast) that could be integrated with this. This would give us three components for our complete CVE solution:

1. CVE Scanning - handled by Project NetGuardian, which also addresses part of Project A’s scope

2. CVE Remediation Pipeline - covered by Project M, incorporating elements from both Project A and the CVE Mirror (Project S)

3. BACON Rewarding - managed by Project B, which ties everything together

@DonnieBLT @Nachiket-Roy @S3DFX-CYBER ,Since these efforts overlap significantly, we don’t need to keep Projects A, S, and M separate. I think merging these three would make more sense

[Nachiket-Roy]

Do we need A? Why not just S + M?

[Pritz395]

Do we need A? Why not just S + M?

I meant, refactoring project A to be S+M.

[Nachiket-Roy]

Also, I think we could implement the BACON, perks and unified reward engine, rewarding general contributions such as issues, PRs, labs, and quizzes. CVE-specific rewards can then be integrated later once the CVE mirror and remediation pipeline are stable.

[DonnieBLT]

I feel like this may be similar to the Netguardian project?

[Pritz395]

@DonnieBLT Yep, it’s basically NetGuardian, realised I was reinventing the wheel so I made another project after this: Project M (Mix Feast), which acts as the remediation pipeline, using AI guidance to help fix the CVE and tying into NetGuardian and BACON.

[Pritz395]

So we can make this project to be project S + project M rather?

[DonnieBLT]

I think BACON can be integrated into everything yes

[Nachiket-Roy]

Should we ask someone from community how would they like to use our platform(a mini survey or i might be overthinking ;))?