Re: Sources: Full and Partial Coverage
On Mon, 25 Jun 2012, Art Manion wrote:
: Do we really need to restrict the list of sources too heavily? I'll
: guess that Secunia and other places doesn't do all this monitoring by
We're fairly ghetto, but OSVDB does a *lot* of source monitoring by hand.
: 5. Have set searches for phrases that indicate important vulnerabilities
: ("overflow", "XSS", etc).
Steve Christey has contributed heavily to mine, but I have a parsing
script that I throw at any changelog to pull out interesting keywords.
I've been using this for over 5 years now, and it is the source of a LOT
of OSVDB entries that range in severity from 'unknown' to CVSS 7+, a
majority of which do not have CVE identifiers.