Re: What does it mean for a vulnerability to be retired?

["George A. Theall" <theall () tifaware com>]

On Dec 21, 2007, at 1:11 PM, Terra Frost wrote:

> <http://www.securityfocus.com/bid/26885> is an example of a
> vulnerability whose status has been changed to RETIRED.  My question
> is..  what, exactly, does that mean?

The meaning varies. In this case, it means that SecurityFocus  
believes the issue was bogus, which is what they say under the  
Discussion section:

  http://www.securityfocus.com/bid/26885/discuss

[As an aside, retiring this was probably a mistake -- there is  
definitely an issue with WordPress as subsequent discussions on the  
Bugtraq mailing list have shown.]

In other cases, SecurityFocus might mark an BID as retired because  
they have split out the issues into separate BIDs, as they did  
recently with BID 26929, for various issues in Adobe's Flash Player  
plugin.

George
--
theall () tifaware com