This repository was archived by the owner on Jul 24, 2021. It is now read-only.

Add NVD as a source #2

@rtfpessoa

Description


NVD is one of the best sources for vulnerabilities. The only issue with supporting it is that the information it provides is not very well structured to be used by us, especially the package names that each CVE refers to.

I think we can kind of overcome this with:

  • Download all the compressed packages with CVEs since forever
  • Load all our current database
  • Use the current database to reverse engineer the names of the packages in the NVD database based on the name we have for them and the CVEs we know are related to them
  • Create a mapping of names from NVD to our database
  • Search NVD for vulnerabilities using the mappings
  • (Crazy idea) We could also search NVD for vulnerabilities using a similarity match of our name with theirs if we don't have a mapping

Notes/Help:

This is a very exploratory task and the results need to be evaluated and checked since this might bring a lot of weird results due to the complicated matching.
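A sketch of the matching steps proposed above, added here as an example and not code from this issue or the project. All package names, product names and CVE ids are constructed placeholders, the NVD shape is simplified rather than the real feed schema, and the function names and the 0.8 threshold are assumptions.

```python
from collections import Counter
from difflib import SequenceMatcher

# Constructed sample data: placeholder CVE ids and names, not real records.
LOCAL_DB = {  # our package name -> CVE ids we already track for it
    "example-lib": {"CVE-0000-0001", "CVE-0000-0002"},
    "widget": {"CVE-0000-0003"},
    "foo-parser": set(),  # no known CVEs, so no overlap to learn a mapping from
}
NVD = {  # CVE id -> "vendor:product" names as NVD spells them (simplified shape)
    "CVE-0000-0001": {"acme:example_lib"},
    "CVE-0000-0002": {"acme:example_lib", "acme:other_tool"},
    "CVE-0000-0003": {"widgetco:widget_js"},
    "CVE-0000-0004": {"acme:example_lib"},
    "CVE-0000-0005": {"fooproj:foo_parser"},
}

def build_mapping(local_db, nvd):
    """Map each local package to the NVD product that shares the most known CVEs."""
    mapping = {}
    for pkg, cves in local_db.items():
        votes = Counter(p for cve in cves for p in nvd.get(cve, ()))
        if votes:
            mapping[pkg] = max(sorted(votes), key=votes.get)  # sorted: stable ties
    return mapping

def fuzzy_match(pkg, nvd, threshold=0.8):
    """Fallback when no CVE overlap exists: closest product name by similarity."""
    norm = lambda s: s.lower().replace("_", "-")
    products = {p for ps in nvd.values() for p in ps}
    scored = [(SequenceMatcher(None, norm(pkg), norm(p.split(":")[-1])).ratio(), p)
              for p in products]
    score, best = max(scored, default=(0.0, None))
    return best if score >= threshold else None

def new_cves(local_db, nvd):
    """Return (CVEs NVD has that we lack, fuzzy matches that need manual review)."""
    mapping = build_mapping(local_db, nvd)
    findings, review = {}, {}
    for pkg, known in local_db.items():
        product = mapping.get(pkg)
        if product is None:
            product = fuzzy_match(pkg, nvd)
            if product is None:
                continue
            review[pkg] = product  # similarity-only match: flag it, do not trust it
        missing = {cve for cve, ps in nvd.items() if product in ps and cve not in known}
        if missing:
            findings[pkg] = missing
    return findings, review
```

Matches that come only from name similarity are returned separately so they can be checked by hand, in line with the note that the results need to be evaluated.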

Labels: Hacktoberfest (Entry level issues for https://hacktoberfest.digitalocean.com/), help wanted, investigation (Exploratory tasks, usually to introduce new features)
