Full Disclosure mailing list archives
Re: Open Letter on the Interpretation of "Vulnerability Statistics"
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 07 Jan 2006 16:13:06 +0100
* Georgi Guninski:
RVI sources collect unstructured vulnerability information from Raw Sources.read: parasites cut and paste from people who can do things.
A service which assigns a primary key shared by multiple databases is quite helpful. Of course, you can dismiss this whole vulnerability tracking/patching thing as completely pointless, and I wouldn't even disagree with you. 8-)
- LACK OF COMPLETE CROSS-REFERENCING BETWEEN RVI SOURCES.read: coley does not like it that there is no officially recognized usa funded database (NOT a dictionary) to rule em all and manipulate statistics.
Uhm, CVE itself adds cross-references to other databases, even to a non-US one, so I don't think this is a valid criticism. Unlike PKI or DNS, vulnerability naming does not need to be universal to be useful. It does not suffer from the Highlander problem. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Open Letter on the Interpretation of "Vulnerability Statistics", (continued)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Georgi Guninski (Jan 06)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Steven M. Christey (Jan 06)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" InfoSecBOFH (Jan 07)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Valdis . Kletnieks (Jan 07)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" InfoSecBOFH (Jan 08)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" dudevanwinkle () gmail com (Jan 08)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Georgi Guninski (Jan 09)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Valdis . Kletnieks (Jan 09)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" InfoSecBOFH (Jan 09)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Hugo Vazquez Carapez (Jan 10)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Georgi Guninski (Jan 07)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Florian Weimer (Jan 07)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Georgi Guninski (Jan 07)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Matt Zimmerman (Jan 09)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Florian Weimer (Jan 11)
- Re: Open Letter on the Interpretation of "Vulnerability Statistics" Matt Zimmerman (Jan 11)