Dailydave mailing list archives
Re: Exploits matter.
From: security curmudgeon <jericho () attrition org>
Date: Fri, 23 Oct 2009 01:25:44 +0000 (UTC)
Based on discussion from this thread and internal chat: http://blog.osvdb.org/2009/10/22/classification-exploit-status-overhaul# Classification: Exploit Status Overhaul Posted by jericho 31 minutes ago OSVDB's classification system is designed to categorize certain attributes of a vulnerability. This facilitates custom searches by a specific attribute, helps researchers develop metrics and gives a better picture of the vulnerability landscape. Until now, we've tracked if an exploit is 'available', 'unavailable', 'rumored / private' or 'unknown'. While this was a good start for exploit status, it has quickly outgrown usefulness. Today, OSVDB overhauled the exploit classification to use the following: * exploit public - A working exploit is publicly available. * exploit rumored - An exploit is rumored to exist, but cannot be confirmed. * exploit private - An exploit exists, but is not available to the public or in a commercial framework (e.g., vulnerability pre-disclosure groups like iDefense or ZDI, researcher developed but unreleased). * exploit commercial - An exploit has been created and is available to customers in a commercial framework such as Canvas or CORE Impact. * exploit unknown - The status of a working exploit is unknown. In addition, we are moving one existing classification to the 'exploit' column since it is relevant to this category: * exploit wormified - An exploit has been crafted to spread via 'worm' or 'virus'. As always, if you have suggestions or questions about the classification system, please mail moderators[at]osvdb.org! _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Exploits matter., (continued)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Matt Olney (Oct 07)
- Re: Exploits matter. Fuzzy Hoodie-Monster (Oct 08)
- Re: Exploits matter. Matt Olney (Oct 09)
- Re: Exploits matter. dave (Oct 07)
- Re: Exploits matter. Tom Parker (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. security curmudgeon (Oct 07)
- Re: Exploits matter. c0lists (Oct 07)
- Re: Exploits matter. Matthew Wollenweber (Oct 08)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 22)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Message not available
- Re: Exploits matter. security curmudgeon (Oct 08)
- Re: Exploits matter. Tom Parker (Oct 08)
- Re: Exploits matter. alexm (Oct 08)
- Re: Exploits matter. vincent hinderer (Oct 08)
- Re: Exploits matter. security curmudgeon (Oct 08)
- Re: Exploits matter. Ilfak Guilfanov (Oct 08)
- Re: Exploits matter. Alexander Sotirov (Oct 08)
- Re: Exploits matter. Jesse Gough (Oct 08)