I'd like to develop a tool, for checking OpenWrt devices for vulnerabilities, so that I can reduce the maintenance burden and only update when necessary.
Before I go further, is anyone else interested in this? If you could reply, to let me know, that would be great.
The main hurdle is where to get the security data from. I see two things available; cvechecker and the advisory page on the wiki. The CVE checker tool looks like it will give a lot of false positives, so I would much prefer to base this tool on more curated data. Is there any parseable version of the OpenWrt advisories page or is it just free form text data? Are there any other sources of security info that I can use?