Plan storing of exploits and EPSS based advisories

[TG1999]

Currently, we store exploits in AdvisoryExploits and associate them with other advisories. If we can find any related identifier in aliases or advisory_id of any Advisory.

For example:
we have exploits with CVE-1234 as an identifier. We will relate that exploit to all advisories that have that identifier either as it's alias or advisory ID

Shall we store exploits as an advisory of it's own or shall we relate exploits to other advisories like we are doing currently?

[DennisClark]

@TG1999 I think we relate exploits to other advisories like we are doing currently makes the most sense, since I think we need to be clear about the distinction between advisories and exploits.

[TG1999]

This is done now

Reference:

• Relate severity scores with advisories #2174