[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[TECH] Total effort of vulnerability database teams


For those of you who lead vulnerability database teams (or research
teams who maintain a database as part of their work), I was wondering:
approximately how many "staff years" support your vulnerability
database efforts per year, including data collection, research,
writing, and editing?  (Please include your own related activities).
If you can also provide separate figures for any validation you may do
(e.g. exploit creation/verification), that would be great.

I'm asking because I'm trying to get a notion of how well CVE is
"producing" relative to its rough equivalents in industry.  We've got
about 2.5 staff years per year, but our "validation" step is mostly
limited to searching for vendor acknowledgement, then waiting to see
how the Board votes ;-)

Feel free to send me a private response if you wish.

- Steve

Page Last Updated or Reviewed: May 22, 2007