Re: Sources: Full and Partial Coverage
On Tue, 12 Jun 2012, Adam Shostack wrote:
: Hi Gaus,
: I don't see this as a justification for a product-centered view. If
: Shiny has 10 vulns, and only one has made an exploit kit, I have no use
: for the other 9 cves. So it's an argument against a purely
: product-centered view.
You mean, only one has made an exploit kit today. If the vendor is big and
widely deployed, you can expect another of those 10 to be added to
subsequent exploit kits. Or perhaps it is in a different kit that hasn't
been detected yet.
Is it easier to add all 10 at once, or 1 now and then go back and cherry
pick them to add based on perceived importance at a later date?