Full Disclosure mailing list archives
Re: HP Full Disclosure Story
From: full-disclosure () lists netsys com (Steven M. Christey)
Date: Tue, 27 Aug 2002 18:58:46 -0400 (EDT)
choose.a.lusername () hushmail com said:
Steven, instead of beating this draft to death at every possible opportunity, could you focus on the CVE database?
In the long term, better disclosure practices would produce better vulnerability information, which would improve the quality of CVE. For example, many CVE candidates may not receive enough votes to become official entries, and one of the major reasons for this is the lack of vendor acknowledgement. The primary causes of duplicate issues in CVE are (a) lack of coordination between researcher and vendor (where the researcher describes the attack, and the vendor describes the vulnerability), or (b) vague vendor advisories or other acknowledgment, which makes it difficult to know which issue was truly fixed by the vendor.
Moving a little off topic...
Have a section [in CVE] for "this week's" candidates and "this week's" approved entries (I forget what it's called). Thanks.
Each new CVE version has a report that states which candidates were promoted to entries: http://cve.mitre.org/cve/versions/. CVE versions are updated quarterly (which provides stability to content providers who have to keep their mappings up-to-date, a resource-intensive process).
The CVE Change Logs, offered by Purdue CERIAS, allow you to monitor changes on a daily or monthly basis. See: https://cassandra.cerias.purdue.edu/CVE_changes/
Finally, while many people try to use CVE as a vulnerability database, it is not. Unfortunately, this can reduce its utility to those people. See http://cve.mitre.org/about/faq.html#A5
- Steve