oss-sec mailing list archives
Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies
From: Simon Ward <simon+oss-sec () bleah co uk>
Date: Mon, 07 Mar 2016 11:28:48 +0000
On 5 March 2016 20:25:49 GMT+00:00, Adam Caudill <adam () adamcaudill com> wrote:
Here is what I would like to see: * Simple ID Request - Data required should be minimal, though I think a few basic items are needed. Perhaps vendor, product, version(s), title, and contact information. Optionally, the requestor should be able to provide their GPG public key, a detailed description, reference URL(s), etc. The ID should then be instantly issued, and given a status of assigned.
While I like the idea of being able to trivially get a global identifier for a vulnerability I find those with no information,. i.e. Unknown attack vector and impacts, useless. There's no good way to prioritise these: if you assume the worst case you get drowned in a sea of vulnerabilities you have to investigate. Simon -- Sent from Kaiten Mail. Please excuse my brevity.
Current thread:
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies, (continued)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Alan Coopersmith (Mar 09)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Carlos Alberto Lopez Perez (Mar 10)
- Re: RE: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Adam Caudill (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Tim (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies me (Mar 06)
- CVE Replacement Via Blockchains (was: Concerns about CVE coverage shrinking - direct impact to researchers/companies) Tim (Mar 07)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Art Manion (Mar 10)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Simon Ward (Mar 07)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies David A. Wheeler (Mar 09)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies gremlin (Mar 05)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Rahul Pratap Singh (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies op7ic \x00 (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies op7ic \x00 (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Solar Designer (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Robert Paprocki (Mar 06)
- Re: Concerns about CVE coverage shrinking - direct impact to researchers/companies Gsunde Orangen (Mar 06)