Dailydave mailing list archives
Re: Exploits matter.
From: c0lists <lists () carnal0wnage com>
Date: Wed, 7 Oct 2009 20:17:45 -0400
On Wed, Oct 7, 2009 at 7:49 PM, security curmudgeon <jericho () attrition org>wrote:
On Wed, 7 Oct 2009, c0lists wrote: : Because all those databases are incomplete it would be nice if "someone" : would start putting that information in their db to say immunity has the : exploit or core impact has the exploit. It would also be nice if these companies would provide a little better public mechanism for disclosing that information, that can be easily referenced by a VDB. Dave posted to the list about the recent vulnerability, but there are hundreds more Immunity developed with no easily referenced date or details. Because vulnerability information is valuable, we also run into the problem of not knowing if two companies have the same vulnerability figured out, if a vendor's recent announcement about fixing an 'overflow' is the same one as a researcher's, etc. This is becoming a big headache for VDBs; the VulnDisco work by Evgeny is a good example.
I agree. It would seem to be in their best interest to allows maintainers of exploit databases to have access to the exploit metadata even if it wasnt in real time (perhaps quarterly) and would be very little overhead. Most of the updates go into their monthly "download our new version" or "updated moduels" emails anyway. That certainly doesnt address all the issues you brought up but would be a step in the right direction. Maybe Immunity can start :-) -CG
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Exploits matter. dave (Oct 06)
- Re: Exploits matter. dan (Oct 07)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Matt Olney (Oct 07)
- Re: Exploits matter. Fuzzy Hoodie-Monster (Oct 08)
- Re: Exploits matter. Matt Olney (Oct 09)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Tom Parker (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. Matthew Wollenweber (Oct 08)
- Re: Exploits matter. dan (Oct 07)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 22)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Re: Exploits matter. Tom Parker (Oct 08)
- Re: Exploits matter. alexm (Oct 08)
- Re: Exploits matter. vincent hinderer (Oct 08)
- Re: Exploits matter. security curmudgeon (Oct 08)
- Re: Exploits matter. Ilfak Guilfanov (Oct 08)