oss-sec mailing list archives
Re: Isearch insecure temporary files
From: Henri Salo <henri () nerv fi>
Date: Sun, 30 Dec 2012 18:16:42 +0200
On Sat, Dec 29, 2012 at 08:53:42PM -0700, Kurt Seifried wrote:
One random thought, might it be worth adding structured data to CVE that basically says when the issue was made public/reported to the upstream and when upstream 1) acknowledged it (if ever) and then they patched it (if ever) and when they shipped a fixed version (if ever). Obviously then you could simply parse for the time between date reported and date acknowledged/patched/fixed and see how healthy/responsive the upstream is.
Yes, that would be really useful data with CVEs. OSVDB is collecting that already. That is not easy task btw. - Henri Salo
Current thread:
- Isearch insecure temporary files David Holland (Dec 21)
- Re: Isearch insecure temporary files Kurt Seifried (Dec 21)
- Re: Isearch insecure temporary files David Holland (Dec 21)
- Re: Isearch insecure temporary files Kurt Seifried (Dec 29)
- Re: Isearch insecure temporary files Henri Salo (Dec 30)
- Re: Isearch insecure temporary files Kurt Seifried (Dec 30)
- Re: Isearch insecure temporary files David Holland (Dec 21)
- Re: Isearch insecure temporary files Kurt Seifried (Dec 21)