[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sources List and Some Updates



Hi Dave,

On 6/27/12 11:38 AM, Mann, Dave wrote:

> FULL COVERAGE SOURCES - OTHER
> =============================
> US-CERT: Technical Cyber Security Alerts

> PARTIAL COVERAGE SOURCE - VENDOR RELATED
> ========================================
> US-CERT: Vulnerability Notes

Please either swap these, or move US-CERT: Vulnerability Notes to "full
coverage."

74% (average since 2009) of vulnerability notes (5+ per month) are based
on private reports to CERT, which means those vulnerability notes are
effectively an initial source of a public disclosure, and often already
have a CVE ID.

US-CERT: Technical Cyber Security Alerts are actually more likely to be
"republishing" on a Microsoft patch Tuesday release or similar.  Times
have changed since the days of CERT Advisories...


 - Art


Page Last Updated or Reviewed: November 06, 2012