[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

"Safe" vulnerabilities ready for review




All:

I've taken a quick crack at identifying a "safe" subset of
vulnerabilities that (hopefully) won't generate much discussion or
controversy.

About 250 of the 650 CVE vulnerabilities are "safe" for review.  Yes,
that leaves 400 others, but:

- these 250 are tested by one or more tools (mostly network-based,
commercial or freeware)

- almost 200 are software flaws

- most don't have any level of abstraction inconsistencies across
mappings

This is NOT to say that there are 400 contentious entries, rather that
my most concrete "first cut" has produced these 250.  The remaining
400 include:
  - entries that had to do with content decisions that I think might
    cause discussion
  - a lot of other entries that are host-based but "stable" and
    probably non-controversial
  - vulnerabilities that are more recent than my mappings

I'll provide the list by Tuesday afternoon.

- Steve

Page Last Updated or Reviewed: May 22, 2007