Full Disclosure mailing list archives

Re: IMPORTANT SECURITY ADVISORY PLEASE READ!

From: coley () linus mitre org (Steven M. Christey)
Date: Wed, 11 Sep 2002 19:14:11 -0400 (EDT)

For a non-comprehensive list of actual vague advisories, see:

  http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=cd:vague

Interestingly, vague advisories come from all types of developers, not
just the one or two most obvious vendors.

For some discussions on the impact of vague vendor advisories on CVE
(and on other vulnerability information sources), see the thread
beginning at:

  http://cve.mitre.org/board/archives/2002-02/msg00008.html

Currently, CVE only tracks vague announcements from vendors, but it
may become important to track announcements from researchers who
follow a "grace period" in which they announce the existence of some
vulnerability, but delay releasing full details for some period of
time.

- Steve

Current thread:

IMPORTANT SECURITY ADVISORY PLEASE READ! segfault (Sep 11)
- <Possible follow-ups>
- IMPORTANT SECURITY ADVISORY PLEASE READ! Percival, Ray (Sep 11)
  - IMPORTANT SECURITY ADVISORY PLEASE READ! Matthew McGehrin (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! gobbles () hush com (Sep 11)
  - IMPORTANT SECURITY ADVISORY PLEASE READ! Niels Bakker (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! gobbles () hush com (Sep 11)
- Re: IMPORTANT SECURITY ADVISORY PLEASE READ! Steven M. Christey (Sep 11)
- IMPORTANT SECURITY ADVISORY PLEASE READ! s n u r f l e (Sep 11)