RE: Update Disclosure Sources List - Please Vote!
On Wed, 5 Oct 2011, Williams, James K wrote:
> Notes: mostly noise, but rare vuln disclosures do occur
In these cases, it may be more reasonable to depend on "inheriting"
coverage from the other vuln DBs.
> Notes: Central resource for major Linux vendors, but would be better to
> monitor vendor directly
I agree with that.
> Notes: Regularly post fresh or zero day exploit info, but must have
These then are "not public" and outside scope. Several years ago, we went
through a phase where we tried to cover paid exploit packs e.g. from
Evgeny or CANVAS, but there is so little public information that the risk
of dupes seemed too high.
> Notes: very prolific vuln researcher, worth monitoring directly due to
Luigi is getting extra attention these days because of his SCADA exploits.
> Notes: Occasionally post fresh or zero day exploit info, but must have
CORE is one of a relatively small number of researcher CNAs (including
Secunia) for their own advisories, so they should be "must have".