Full Disclosure mailing list archives
Re: Open Letter on the Interpretation of "Vulnerability Statistics"
From: Georgi Guninski <guninski () guninski com>
Date: Fri, 6 Jan 2006 22:18:51 +0200
On Fri, Jan 06, 2006 at 02:53:56PM -0500, Steven M. Christey wrote:
According to the definitions proposed by Brian Martin of OSVDB, CVE is in fact a database - HOWEVER it is a highly specialized one intended for correlation and comparison across multiple tools and products. That said, 90% of its consumers do not use it for that reason. The FAQ should probably be rephrased a bit.
hahahahahaha, "a responsibility rfc government funded expert" wrote. http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/008386.html
So you are collecting 0days for free, put them in a lame database and whine more than a script kiddie this is a hard job?
I don't view it that way. 1) CVE is not a vulnerability database, per the FAQ on the CVE web site at http://cve.mitre.org/about/faq.html#A7 (though we are not blind to the fact that some people try to use it as a database anyways).
-- where do you want bill gates to go today? junk: _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Open Letter on the Interpretation of "Vulnerability Statistics" Steven M. Christey (Jan 05)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Georgi Guninski (Jan 06)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Steven M. Christey (Jan 06)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Georgi Guninski (Jan 06)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Steven M. Christey (Jan 06)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" InfoSecBOFH (Jan 07)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Valdis . Kletnieks (Jan 07)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" InfoSecBOFH (Jan 08)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" dudevanwinkle () gmail com (Jan 08)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Georgi Guninski (Jan 09)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Valdis . Kletnieks (Jan 09)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" InfoSecBOFH (Jan 09)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Hugo Vazquez Carapez (Jan 10)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Steven M. Christey (Jan 06)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Georgi Guninski (Jan 06)