oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Strange CVE situation (at least one ID should come of this)

From: Henri Salo <henri () nerv fi>
Date: Tue, 30 Oct 2012 19:39:07 +0200
On Tue, Oct 30, 2012 at 01:34:07PM -0400, Steven M. Christey wrote:

Perhaps the OSS community could borrow an idea from one of the
framework vendors with lots of third-party modules - I forget if it
was Joomla or Drupal - who actively maintained a list of poorly
maintained or obsolete software.


There is at least http://docs.joomla.org/Vulnerable_Extensions_List and Drupal is coordinating contrib modules too 
(code reviews, advisories, etc). I don't know if Joomla security guys handle vulnerable extensions in some level or not.

- Henri Salo
Previous By Date Next
Previous By Thread Next

Current thread: