Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Open Letter on the Interpretation of "Vulnerability Statistics"

From: Georgi Guninski <guninski () guninski com>
Date: Fri, 6 Jan 2006 22:18:51 +0200
On Fri, Jan 06, 2006 at 02:53:56PM -0500, Steven M. Christey wrote:

According to the definitions proposed by Brian Martin of OSVDB, CVE is in
fact a database - HOWEVER it is a highly specialized one intended for
correlation and comparison across multiple tools and products.  That said,
90% of its consumers do not use it for that reason.  The FAQ should
probably be rephrased a bit.



hahahahahaha, "a responsibility rfc government funded
expert" wrote.

http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/008386.html

So you are collecting 0days for free, put them in a lame database and
whine more than a script kiddie this is a hard job?



I don't view it that way.

1) CVE is not a vulnerability database, per the FAQ on the CVE web
  site at http://cve.mitre.org/about/faq.html#A7 (though we are not
  blind to the fact that some people try to use it as a database
  anyways).


-- 
where do you want bill gates to go today? 













































junk:
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: