[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE Information Sources & Scope



On Fri, 7 Oct 2011, Carsten Eiram wrote:

>>   AIX
> + M (IBM in general)

I agree with IBM in general.  Note that the ISS X-Force branch of IBM 
sometimes uses their vulnerability database as a first point of 
publication.

>>   Full Disclosure
> + N (from a CVE perspective the noise ratio is too high to consider it 
> "must have" - most relevant info is also sent to bugtraq and if not then 
> it will still be caught by the VDBs and can be spotted there).

Agree on all points.


>>   SANS Mailing List (Qualys)
> + I

I have always intended to examine this list to see if it had anything 
unique, but never got around to it...

>>   Neohapsis (Security Threat Watch)
> + I

I'm not sure this exists anymore?  Though Neohapsis was one of the major 
sources for CVE information in the early 2000's...


- Steve


Page Last Updated or Reviewed: November 06, 2012