RE: Update Disclosure Sources List - Please Vote!
[resending due to previous bounces]
On Tue, 11 Oct 2011, Mann, Dave wrote:
>> From: Kent_Landfield@McAfee.com [mailto:Kent_Landfield@McAfee.com]
>> Non-OS venders should be included
>> Specifically Desktop products that are commonly seen in both corporate and
>> consumer systems
>> 2. Nice to have
>> * ZDI
>> * Exploit-DB
>> * MSVR - Microsoft Vulnerability Research Advisories
>> * iDefense
>> * cisco-sa-xxxxxxxx-xxx (Cisco Security Advisories)
>> * Htxxxx (Apple)
>> * VMSA (Vmware Security Advisories)
>> * CNVD (China National Vulnerability Database)
>> * Metasploit Module Ids
> Some of these are behind pay-walls, no?
None of these are behind pay-walls. All are freely available, and most
(if not all) don't even require any registration.
Note that Vmware, Cisco, and Apple are all CNAs; and MSVR, iDefense, and
ZDI use CVEs heavily (well so does CNVD, but they seem to have their own
entries too.) We don't currently monitor Metasploit because based on what
I've seen, the good metasploit sploits get posted to Exploit-DB anyway.