[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: CVE Must-Have Coverage
- To: "Mann, Dave" <damann@mitre.org>, cve-editorial-board-list<cve-editorial-board-list@LISTS.MITRE.ORG>
- Subject: RE: CVE Must-Have Coverage
- From: Mike Prosser <mprosser@symantec.com>
- Date: Tue, 11 Oct 2011 13:45:30 -0700
- Accept-Language: en-US
- acceptlanguage: en-US
- Delivery-Date: Tue Oct 11 16:44:36 2011
- In-Reply-To: <3FF9F74E63A7484EB3B88F04329CBEDC04448C426C@IMCMBX1.MITRE.ORG>
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <3FF9F74E63A7484EB3B88F04329CBEDC04448C426C@IMCMBX1.MITRE.ORG>
- Sender: <owner-cve-editorial-board-list@LISTS.MITRE.ORG>
- Thread-Index: AcyIUFmWqHoIl6VxTqa9f6NnBhoc1gABB0AQ
- Thread-Topic: CVE Must-Have Coverage
Hi Dave, all I've been lurking on the list since I am no longer an active participant on the editorial board in my current position. In our case, Symantec product advisories are always posted to the Security Focus site as well as to our Advisory page. The Security Focus site being the much better one to monitor as has been recommended here. We also coordinate with the finder's/submitters with URLs to our advisories and CVEs, if they don't acquire them, so they can include the info in their advisories/bulletins. Assume that's a similar case for at least some of the other Non-OS vendors. -Mike Symantec Product Security Team -----Original Message----- From: owner-cve-editorial-board-list@lists.mitre.org [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of Mann, Dave Sent: Tuesday, October 11, 2011 3:04 PM To: cve-editorial-board-list Subject: CVE Must-Have Coverage Folks, Below, please find a somewhat stabilizing set of vulnerability sources. I've tried to capture the best consensus (not pure votes but close). Please review the list and holler loudly and quickly if you see something you can't live with. This is a living document so nothing is cast in stone. Still gaining a level of agreement on the scope is a necessary first step. I'm particularly concerned at the almost complete lack of desktop or enterprise software packages being called out by vendor. Some are listed but by no means the majority. The implication to me is that we're very much relying on non-vendor sources to shed light on these types of software. -Dave ================================================================== David Mann | Principal Infosec Scientist | The MITRE Corporation ------------------------------------------------------------------ e-mail:damann@mitre.org | cell:781.424.6003 ================================================================== CVE VULNERABILITY INFORMATION SOURCES - PRIORITY Government & Related Information Sources Must Have US-CERT Advisories (aka CERT-CC Advisories) US-CERT Vulnerability Notes (CERT-CC) US-CERT Bulletins (aka Cyber-Notes) CMU/CERT-CC DoD IAVAs Nice To Have NISCC AUS-CERT DOE CIRC (formerly CIAC) Vendor Published Information Must Have Microsoft RedHat Apache Apple OSX Oracle Solaris Suse Mandriva HP-UX AIX Cisco IOS Free BSD Open BSD Net BSD Gentoo (Linux) Ubuntu (Linux) Adobe Mozilla Google Chrome Nice To Have Debian SCO Cisco Mailing Lists & VDBs Must Have Bugtraq Full Disclosure Security Focus Security Tracker OSVDB Oss-security Nice To Have ISS X-Force FRSIRT (VUPEN) Secunia SecuriTeam Metasploit Snort Contagiodump.blogspot.com Ignore Vuln-Watch VulnDev Packet Storm SANS Mailing List (Qualys) ] Neohapsis (Security Threat Watch)
- References:
- CVE Must-Have Coverage
- From: "Mann, Dave" <damann@mitre.org>
- CVE Must-Have Coverage
- Prev by Date: CVE Response Time
- Next by Date: Re: Update Disclosure Sources List - Please Vote!
- Prev by thread: CVE Must-Have Coverage
- Next by thread: Re: CVE Must-Have Coverage
- Index(es):
