The OSV schema aims to precisely describe vulnerabilities in a way tailored to the open source use case, with the goal of automating and improving vulnerability triage for developers and users of open source software, Google stated in a blog post published on June 24. The project could allow various developer tools to natively handle vulnerability information and make it easier for users of open source components to know whether particular vulnerabilities affect their applications.
The aim is to reduce the effort required to document vulnerabilities in open source projects, to make the issues easier to track, says Abhishek Arya, principal engineer in the Open Source Security group at Google.