[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Agenda for CVE Board Meeting Wednesday, 15 November 2017

On 2017-11-15 16:32, Art Manion wrote:

> (*) YYYY is meant to be the year the vulnerability (not the CVE ID) 
> was published, right?  Not year the CVE ID was requested, assigned, 
> or published?

CVE web site says:


Date Entry Created: 20161205

Disclaimer: The entry creation date may reflect when the CVE-ID was 
allocated or reserved, and does not necessarily indicate when this 
vulnerability was discovered, shared with the affected vendor, publicly 
disclosed, or updated in CVE. 

Best reasonable guess at ${date_public} really should be in CVE 
entries.  Possibly also ${date_last_updated}, which might be obtainable 
from github?

 - Art

Page Last Updated or Reviewed: November 16, 2017