Re: Exploits matter.

[c0lists <lists () carnal0wnage com>]

On Wed, Oct 7, 2009 at 7:49 PM, security curmudgeon
<jericho () attrition org>wrote:

> On Wed, 7 Oct 2009, c0lists wrote:
>
> : Because all those databases are incomplete it would be nice if "someone"
> : would start putting that information in their db to say immunity has the
> : exploit or core impact has the exploit.
>
> It would also be nice if these companies would provide a little better
> public mechanism for disclosing that information, that can be easily
> referenced by a VDB. Dave posted to the list about the recent
> vulnerability, but there are hundreds more Immunity developed with no
> easily referenced date or details.
>
> Because vulnerability information is valuable, we also run into the
> problem of not knowing if two companies have the same vulnerability
> figured out, if a vendor's recent announcement about fixing an 'overflow'
> is the same one as a researcher's, etc. This is becoming a big headache
> for VDBs; the VulnDisco work by Evgeny is a good example.

I agree. It would seem to be in their best interest to allows maintainers of
exploit databases to have access to the exploit metadata even if it wasnt in
real time (perhaps quarterly) and would be very little overhead. Most of the
updates go into their monthly "download our new version" or "updated
moduels" emails anyway.

That certainly doesnt address all the issues you brought up but would be a
step in the right direction. Maybe Immunity can start :-)

-CG

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave