Re: CVE Information Sources & Scope
On Fri, 7 Oct 2011, Carsten Eiram wrote:
> + M (IBM in general)
I agree with IBM in general. Note that the ISS X-Force branch of IBM
sometimes uses their vulnerability database as a first point of
>> Full Disclosure
> + N (from a CVE perspective the noise ratio is too high to consider it
> "must have" - most relevant info is also sent to bugtraq and if not then
> it will still be caught by the VDBs and can be spotted there).
Agree on all points.
>> SANS Mailing List (Qualys)
> + I
I have always intended to examine this list to see if it had anything
unique, but never got around to it...
>> Neohapsis (Security Threat Watch)
> + I
I'm not sure this exists anymore? Though Neohapsis was one of the major
sources for CVE information in the early 2000's...