Re: Re: source for CVE feed (was: Re: [oss-security] CVE request: httrack buffer overflow)

[Nico Golde <oss-security+ml () ngolde de>]

Hi Steven,
* Steven M. Christey <coley () linus mitre org> [2008-08-04 20:16]:
> On Mon, 4 Aug 2008, Thijs Kinkhorst wrote:
>
> > Considering your statement we would better be using one of the XML Data feeds
> > from http://nvd.nist.gov/download.cfm , right? Or would you recommend another
> > feed (e.g. the one where NVD gets its data from)?
>
> NVD's XML data feed is probably the best out there that's publicly
> available.  Representatives of CVE-compatible product authors,
> vulnerability databases, and software vendors can get direct access to an
> email-based feed from MITRE, which is the feed that NVD uses.  MITRE
> hasn't opened this to the general public because most people would use it
> like a database, and we don't want to compete with other feeds out there.
> Guess that's kind of silly these days given that NVD turns it around in 5
> minutes, but there it is.

In June you said more regular updates to the MITRE site will probably happen
this summer. This was what I was waiting for so we don't need to adapt the software
behind our security tracker :) Any news on this?

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description: