oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies

From: Rahul Pratap Singh <techno.rps () gmail com>
Date: Sun, 6 Mar 2016 12:58:46 +0530
I am also sailing on the same boat. Thanks for raising this question. I
reported multiple advisories to oss-sec and cve-assign. Never got even a
single reply. Even, I saw, CVE-ID was assigned to same product for similar
vulnerability few years back. Now, I eschew requesting CVE.


Regards,
Rahul Pratap Singh

On Sun, Mar 6, 2016 at 11:57 AM, <gremlin () gremlin ru> wrote:


On 2016-03-05 20:20:39 +0300, Solar Designer wrote:

 >> I think it's been said on this list previously -- these are
 >> two separate activities:
 >> 1. Assigning IDs

 > Problem solved:
 > http://www.openwall.com/ove

Hmmm... sorry to say, but I've garbaged 21 IDs by simply visiting
this page and reloading it twice just to see what would happen :-)

So I'd suggest adding a BRB (Big Red Button) for those who actually
need an ID, and displaying some statistics ("1234 IDs were assigned
today") for everyone else.

Style suggestion:

[form action='.' method='post']
[input style='background:red;color:white;padding:16px;font-size:32px'
name='request' value='GET ID' type='submit']
[/form]

Looks nice for me.

 >> 2. Analysis, deconfliction, write-up
 > Having IDs is of some use even without or before all of that.

Yes. So prepare for the above link to become really popular.


--
Alexey V. Vissarionov aka Gremlin from Kremlin
GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8
Previous By Date Next
Previous By Thread Next

Current thread: