Re: Isearch insecure temporary files

[Henri Salo <henri () nerv fi>]

On Sat, Dec 29, 2012 at 08:53:42PM -0700, Kurt Seifried wrote:
> One random thought, might it be worth adding structured data to CVE
> that basically says when the issue was made public/reported to the
> upstream and when upstream 1) acknowledged it (if ever) and then they
> patched it (if ever) and when they shipped a fixed version (if ever).
> Obviously then you could simply parse for the time between date
> reported and date acknowledged/patched/fixed and see how
> healthy/responsive the upstream is.

Yes, that would be really useful data with CVEs. OSVDB is collecting that already. That is not easy task btw.

- Henri Salo