'
HTML_FOOTER='
'
FILE_FORM='
'
#You can manually query the database by entering binary or source package names,
#a SHA-1 measurement of a package file or an CVE and DSA identifier:
OBJECT_FORM='
'
LAMBDA='λ'
INTRO_MSG='
TrustMiner is a tool for estimating the trustworthiness of software based on
past security incidents. The current prototype uses the Debian GNU/Linux
software repositories and security incidents database to provide security
assessments for Debian software packages and systems.
The purpose of this tool is to estimate the trustworthiness (or security
failure rate) of a given computer system (prover), as shown in the figure
below. This website implements the verification or assessment part of the
figure, and the client (you) can submit information to be evaluated.
'
ABOUT_REF='
The database is updated daily based on new Debian Security Announcements
and Debian package repositories. We mirror the current stable, unstable and
testing distributions for the official Debian package repository as well as
debian-multimedia and security updates repositories. The SHA-1 hash sums of
packages deleted from the official repositories are kept for one week.
Note that we do not consider whether your system has all the current security
patches installed, or if unpatched vulnerabilities are known for your system.
This information is already provided by debsecan and on the Debian website:
Packages with available updates: debsecan --only-fixed --suite sid