2.5. Generalize CPE and CVE datasets to match user expectations

[MaryBak]

Description
Our current processing excludes some CVEs (for example, those without an entry on the site). We also match certificates and CVEs to CPEs-only and not to CPE match criteria, so NIST’s NVD website may show more CPE-like entries than ours. This should be changed so that the datasets include everything (the records will also need to change to include the data that we filter on), and only our matching and other heuristics should filter them

Details for underlying issues and ideas for implementation:
Issues #468 and #483 explain the general idea. Our current processing leads to some CVEs being excluded (not having an entry on the site for example). We also match certificates and CVEs to CPEs-only and not to CPE match criteria, so NIST’s NVD website may show more CPE-like entries than ours. This should be changed so that the datasets include everything (the records will also need to change to include the data that we filter on) and only our matching and other heuristics should filter them.

Additional context
CCAT project

[J08nY]

Adding context from chat (from @adamjanovsky):

Recent cve.json dataset doesn't contain RoCA vuln (CVE-2017-15361)
My guess is:

sec-certs/src/sec_certs/dataset/cve.py

Line 183 in 30f8746

if vuln["cve"]["vulnStatus"] in {"Analyzed", "Modified"}:

[J08nY]

Partially handled in #610 (see also #609) though perhaps we should be even wider and have all the CVEs.