Dailydave mailing list archives
Re: Vuln scoring system anyone?
From: security curmudgeon <jericho () attrition org>
Date: Tue, 1 Mar 2005 15:42:17 -0500 (EST)
: SecurityFocus used to have (and I assume still does) a "vendor
: confirmed" flag. It meant that the vendor had looked into it, and
: released some confirmation that there was a problem.
:
: If the vendor says there is a problem in their own code, then it is
: generally safe to assume the problem is real. As opposed to some
: semi-trustable group with a tendency to release fake advisories.

OSVDB uses this flag as well. We have extended the 'confirmation' to also include something we have personally tested, and will sometimes flag it depending on the source of the vulnerability. The main time it gets the flag is for vendor confirmation in the form of advisory, release notes, changelog, news update, etc.