
RE: Update Disclosure Sources List - Please Vote!

>From: Kent_Landfield@McAfee.com [mailto:Kent_Landfield@McAfee.com]
>Non-OS vendors should be included
>Specifically Desktop products that are commonly seen in both corporate and
>consumer systems

Can you name names?  That's a potentially very large list.

Would it be worth combining this with a numeric qualifier?  Say, desktop products that produce more than 10 disclosures a year? (pulling that number out of the air)

> 2.  Nice to have
>    *   ZDI
>    *   Exploit-DB
>    *   MSVR - Microsoft Vulnerability Research Advisories
>    *   iDefense
>    *   cisco-sa-xxxxxxxx-xxx (Cisco Security Advisories)
>    *   Htxxxx (Apple)
>    *   VMSA (VMware Security Advisories)
>    *   CNVD (China National Vulnerability Database)
>    *   Metasploit Module Ids

Some of these are behind pay-walls, no?

CVE charter is to provide ids for "publicly available" vulnerabilities.  

I don't consider things behind pay-walls as publicly available.  My mind could be changed on that but it would need to be a good argument.

David Mann | Principal Infosec Scientist | The MITRE Corporation
e-mail:damann@mitre.org | cell:781.424.6003

Page Last Updated or Reviewed: November 06, 2012