This edition is primarily about one recent project of mine, but there are a few other resource links after the jump in case you care not about writing an API caching proxy in Go.
NIST maintains the National Vulnerability Database, which is a repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).
They've been threatening to shut down the giant vulnerability feed files for a while now, shunting folks to use their enhanced API endpoints. It's a fancy and robust API, but — as a data scientist — those large file dumps are preferred, since we data folks tend to really dislike having to make individual API calls for single records.
Another bummer with NVD's new approach is the enforcement of a ~1-second delay (longer if not auth’d) between subsequent, authenticated requests. I grok why they do this. Skeezy security vendors and clueless researchers would just end up using NVD as a janky “database” if such restrictions were not in place.
This additional API friction was just annoying enough for my personal projects that I ended up building a tiny, caching REST API “proxy” in Go for the https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=:cveid: endpoint, which I host on my personal tailnet.
Today's Bonus Drop provides a link to the project and includes a light walkthrough of it. I went with the Knowledge Drop for this Bonus Drop as this tiny project has significantly improved my quality of life (when it comes to personal vulnerability info hacking). As such, it may be a useful framework for others to implement something similar, since I know we cybersecurity folk are not alone when it comes to having to deal with APIs vs “just give me the whole thing”.
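To make the shape of such a proxy concrete, here is an added, self-contained Go example of the same idea (my own illustration, not the code from the project linked in this Drop). It fronts the NVD CVE 2.0 endpoint with an in-memory cache, serialises upstream calls so they are spaced at least one interval apart (the post's ~1 second when a key is set; the longer unauthenticated gap is an assumed 6 seconds), validates the CVE id before it is placed in the query string, and never caches non-200 answers. `CVEProxy`, `NewCVEProxy`, `Lookup`, the `/cve/` route, the `NVD_API_KEY` variable name and the overridable upstream base URL are all my naming choices; the `cveId` query parameter and the `apiKey` request header are NVD's own.

```go
package main

import (
	"fmt"
	"io"
	"log"
	"net/http"
	"net/url"
	"os"
	"regexp"
	"strings"
	"sync"
	"time"
)

// The NVD CVE 2.0 endpoint referenced in the post.
const nvdCVEURL = "https://services.nvd.nist.gov/rest/json/cves/2.0"

// Reject anything that is not a well-formed CVE id before it reaches the upstream query.
var cveIDPattern = regexp.MustCompile(`^CVE-\d{4}-\d{4,}$`)

type cacheEntry struct {
	body    []byte
	fetched time.Time
}

// CVEProxy answers lookups from memory and fetches misses from upstream
// no more often than once per minInterval.
type CVEProxy struct {
	upstream    string        // base URL (hypothetical override so tests can point at a local server)
	apiKey      string        // optional NVD API key, sent in the apiKey header
	minInterval time.Duration // minimum spacing between upstream requests
	ttl         time.Duration // how long a cached answer stays fresh
	client      *http.Client

	cacheMu sync.Mutex
	cache   map[string]cacheEntry

	gate          sync.Mutex // serialises upstream calls so the spacing is honoured
	lastCall      time.Time
	UpstreamCalls int // requests actually sent upstream (observability)
}

func NewCVEProxy(upstream, apiKey string, minInterval, ttl time.Duration) *CVEProxy {
	return &CVEProxy{upstream: upstream, apiKey: apiKey, minInterval: minInterval, ttl: ttl,
		client: &http.Client{Timeout: 30 * time.Second}, cache: make(map[string]cacheEntry)}
}

func (p *CVEProxy) fromCache(id string) ([]byte, bool) {
	p.cacheMu.Lock()
	defer p.cacheMu.Unlock()
	e, ok := p.cache[id]
	if !ok || time.Since(e.fetched) > p.ttl {
		return nil, false
	}
	return e.body, true
}

// Lookup returns the JSON body for one CVE and whether it was served from cache.
func (p *CVEProxy) Lookup(id string) ([]byte, bool, error) {
	if !cveIDPattern.MatchString(id) {
		return nil, false, fmt.Errorf("invalid CVE id %q", id)
	}
	if body, ok := p.fromCache(id); ok {
		return body, true, nil
	}
	p.gate.Lock()
	defer p.gate.Unlock()
	if body, ok := p.fromCache(id); ok { // another goroutine may have filled it meanwhile
		return body, true, nil
	}
	if wait := p.minInterval - time.Since(p.lastCall); wait > 0 {
		time.Sleep(wait) // honour NVD's requested spacing between requests
	}
	req, err := http.NewRequest(http.MethodGet, p.upstream+"?cveId="+url.QueryEscape(id), nil)
	if err != nil {
		return nil, false, err
	}
	if p.apiKey != "" {
		req.Header.Set("apiKey", p.apiKey)
	}
	resp, err := p.client.Do(req)
	p.lastCall = time.Now()
	p.UpstreamCalls++
	if err != nil {
		return nil, false, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return nil, false, err
	}
	if resp.StatusCode != http.StatusOK { // never cache errors (bad key, upstream trouble)
		return nil, false, fmt.Errorf("upstream returned %s", resp.Status)
	}
	p.cacheMu.Lock()
	p.cache[id] = cacheEntry{body: body, fetched: time.Now()}
	p.cacheMu.Unlock()
	return body, false, nil
}

// ServeHTTP exposes the proxy as GET /cve/{CVE-ID} and reports cache status in X-Cache.
func (p *CVEProxy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	id := strings.TrimPrefix(r.URL.Path, "/cve/")
	if r.Method != http.MethodGet || !cveIDPattern.MatchString(id) {
		http.Error(w, "expected GET /cve/CVE-YYYY-NNNN", http.StatusBadRequest)
		return
	}
	body, hit, err := p.Lookup(id)
	if err != nil {
		log.Printf("lookup %s: %v", id, err)
		http.Error(w, "upstream lookup failed", http.StatusBadGateway)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	w.Header().Set("X-Cache", map[bool]string{true: "HIT", false: "MISS"}[hit])
	w.Write(body)
}

func main() {
	key := os.Getenv("NVD_API_KEY")
	interval := 6 * time.Second // assumption for the unauthenticated case
	if key != "" {
		interval = time.Second // the ~1s spacing the post describes for authenticated calls
	}
	http.Handle("/cve/", NewCVEProxy(nvdCVEURL, key, interval, 24*time.Hour))
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil)) // bind locally; expose via the tailnet
}
```

Run it with `NVD_API_KEY=... go run .` and query `http://127.0.0.1:8080/cve/CVE-YYYY-NNNN`; a second request for the same id returns immediately with `X-Cache: HIT`, while requests for new ids queue behind the gate so the upstream never sees them closer together than the configured interval.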