Re: Official Vendor Statement Service for the set of CVE Vulnerabilities

["Steven M. Christey" <coley@rcf-smtp.mitre.org>]

Several of us in the vuln database world have been talking about a
capability like this for a couple years.  It's become more important as
the noise increases, or at least the volume of noise; I'm not sure if the
percentage has changed, although grep-and-gripe research is clearly on the
rise.

While CERT/CC has offered something like this for years in their
vulnerability notes, I am very glad to see it become much more widely
available to any CVE.  This will in turn improve the overall quality of
vulnerability information.

Finally, it should be noted that the new capability is a direct result of
the Editorial Board teleconference we had a couple months ago (sigh, I
know I still need to write up that summary...)  It's good to see that the
first meeting in a few years can still bear fruit!  To that end, we should
probably have another teleconference in the next month or so.

- Steve