oss-sec mailing list archives
using oss-security references in CVE
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 27 Mar 2008 18:59:27 -0400 (EDT)
All, In CVE, we try to provide "provenance" for every detail that makes its way into the description. Issues like rxvt and CenterIM have some details that are only publicly documented in oss-security, and I would like to add these as references. However, I haven't done so yet. If I start to add oss-security references to CVEs when needed, this will be noticed by the other vuln DBs and added to their watch lists. As their response is sometimes faster than CVE's, this means that new vuln reports will start showing up publicly much more quickly. While the monitoring of oss-security will happen regardless of whether it's mentioned in CVE or not, including an oss-security reference in CVE will definitely accelerate this. Are people OK with that? - Steve
Current thread:
- using oss-security references in CVE Steven M. Christey (Mar 27)
- Re: using oss-security references in CVE Lubomir Kundrak (Mar 27)
- Re: using oss-security references in CVE Vincent Danen (Mar 27)
- Re: using oss-security references in CVE Nico Golde (Mar 27)
- Re: using oss-security references in CVE Vincent Danen (Mar 27)
- Re: using oss-security references in CVE Solar Designer (Mar 27)
- Re: using oss-security references in CVE Josh Bressers (Mar 27)
- wiki: links from list archive (was: using oss-security references in CVE) Solar Designer (Mar 27)
- Re: wiki: links from list archive (was: using oss-security references in CVE) Josh Bressers (Mar 27)
- Re: using oss-security references in CVE Josh Bressers (Mar 27)
- Re: using oss-security references in CVE Lubomir Kundrak (Mar 27)