[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[TECH] Total effort of vulnerability database teams

To: cve-editorial-board-list@lists.mitre.org
Subject: [TECH] Total effort of vulnerability database teams
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Thu, 8 Aug 2002 17:50:25 -0400 (EDT)
Delivery-Date: Thu Aug 8 17:50:31 2002
Sender: owner-cve-editorial-board-list@lists.mitre.org

All,

For those of you who lead vulnerability database teams (or research
teams who maintain a database as part of their work), I was wondering:
approximately how many "staff years" support your vulnerability
database efforts per year, including data collection, research,
writing, and editing?  (Please include your own related activities).
If you can also provide separate figures for any validation you may do
(e.g. exploit creation/verification), that would be great.

I'm asking because I'm trying to get a notion of how well CVE is
"producing" relative to its rough equivalents in industry.  We've got
about 2.5 staff years per year, but our "validation" step is mostly
limited to searching for vendor acknowledgement, then waiting to see
how the Board votes ;-)

Feel free to send me a private response if you wish.

Thanks,
- Steve

Prev by Date: Use of CAN/CVE numbers
Next by Date: Re: Use of CAN/CVE numbers
Prev by thread: Re: Use of CAN/CVE numbers
Next by thread: [CVEPRI] Progress report on timeliness of CVE
Index(es):
- Date
- Thread