RE: Sources: Full and Partial Coverage
On Tue, 8 May 2012, Tim Keanini wrote:
: My head researcher felt that these were absent and should be considered given the infrastructure roles they play and I agree.
: Partially Cover
: 1) http://www.exploit-db.com/ <-- if they hit this repository exploit code
: is available to the public, and it warrants a CVE.
I am curious why you chose EDB, and do not mention or suggest PacketStorm
or inj3ct0r (1337day.com), as they both do the same thing, at least one in
more volume than EDB. In fact, there is a big cross-over between all three
that make daily scouring quite annoying for some VDBs.
I only ask out of curiosity, because I could argue EDB over those, or PS
over those, for different reasons.
: They also scratched their heads with RealPlayer being on the list but that might be something Federal market specific.
There is likely other media-based software with a larger user installation
base than Real, that is not currently on the list.