oss-sec mailing list archives
CVE id assignment dates
From: Solar Designer <solar () openwall com>
Date: Mon, 23 Jan 2012 23:26:40 +0400
Hi, It appears that many people are confused by and concerned about the "Assigned" dates on CVE ids, not being aware that these dates often (or even all the time?) merely reflect the assignment of a CVE id pool to a CNA, normally before the actual vulnerabilities are discovered. For example, CVE-2012-0056 shows "Assigned (20111207)" - so someone wrongly thought that this meant that kernel developers or whoever sat on this bug for 1.5 months. I think cve.mitre.org web pages need to provide an explanation right next to these dates or not show the dates. Alexander
Current thread:
- CVE id assignment dates Solar Designer (Jan 23)
- Re: CVE id assignment dates Steven M. Christey (Jan 23)
- Re: CVE id assignment dates Michael Gilbert (Jan 23)
- Re: CVE id assignment dates Kurt Seifried (Jan 23)
- Re: CVE id assignment dates Steven M. Christey (Jan 24)
- Re: CVE id assignment dates Henri Salo (Jan 24)
- Re: CVE id assignment dates Michael Gilbert (Jan 23)
- Re: CVE id assignment dates Steven M. Christey (Jan 23)