[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Sources: Full and Partial Coverage
On Mon, 25 Jun 2012, Art Manion wrote: : Do we really need to restrict the list of sources too heavily? I'll : guess that Secunia and other places doesn't do all this monitoring by : hand...? We're fairly ghetto, but OSVDB does a *lot* of source monitoring by hand. : 5. Have set searches for phrases that indicate important vulnerabilities : ("overflow", "XSS", etc). Steve Christey has contributed heavily to mine, but I have a parsing script that I throw at any changelog to pull out interesting keywords. I've been using this for over 5 years now, and it is the source of a LOT of OSVDB entries that range in severity from 'unknown' to CVSS 7+, a majority of which do not have CVE identifiers.