oss-sec mailing list archives
Re: CVE id assignment dates
From: Henri Salo <henri () nerv fi>
Date: Tue, 24 Jan 2012 16:30:07 +0200
On Tue, Jan 24, 2012 at 09:10:55AM -0500, Steven M. Christey wrote:
I completely agree that tracking this kind of information is important, and I've personally wanted to see disclosure-related stats for years. I specifically mentioned OSVDB because they are trying to track this information at a greater level of detail than any other effort I know of. And, by virtue of being an *open source* vulnerability database, others can contribute to it. - Steve
First of all I am heavy user of OSVDB (http://osvdb.org/user/fgeek/profile). One should note that even OSVDB has a license, which will limit the usage of the data: http://osvdb.org/license and from my own experience I can say that this is definitely not always a good thing and might create new aspects for words open and free. For NDA reasons I can't say the case where this was a problem, but you can use your imagination. - Henri Salo
Current thread:
- CVE id assignment dates Solar Designer (Jan 23)
- Re: CVE id assignment dates Steven M. Christey (Jan 23)
- Re: CVE id assignment dates Michael Gilbert (Jan 23)
- Re: CVE id assignment dates Kurt Seifried (Jan 23)
- Re: CVE id assignment dates Steven M. Christey (Jan 24)
- Re: CVE id assignment dates Henri Salo (Jan 24)
- Re: CVE id assignment dates Michael Gilbert (Jan 23)
- Re: CVE id assignment dates Steven M. Christey (Jan 23)