RE: Update Disclosure Sources List - Please Vote!

To: "Kent_Landfield@McAfee.com" <Kent_Landfield@McAfee.com>, cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
Subject: RE: Update Disclosure Sources List - Please Vote!
From: "Mann, Dave" <damann@mitre.org>
Date: Tue, 11 Oct 2011 15:58:25 -0400
Accept-Language: en-US
acceptlanguage: en-US
Delivery-Date: Tue Oct 11 15:58:49 2011
In-Reply-To: <CAB32B6B.218F9%kent_landfield@mcafee.com>
List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
References: <3FF9F74E63A7484EB3B88F04329CBEDC0444812B45@IMCMBX1.MITRE.ORG> <CAB32B6B.218F9%kent_landfield@mcafee.com>
Sender: <owner-cve-editorial-board-list@LISTS.MITRE.ORG>
Thread-Index: AcyEO4KcoUQb6DMLT2GXhX00JI8ChwEFCWtA
Thread-Topic: Update Disclosure Sources List - Please Vote!

>From: Kent_Landfield@McAfee.com [mailto:Kent_Landfield@McAfee.com]
>Non-OS venders should be included
>Specifically Desktop products that are commonly seen in both corporate and
>consumer systems

Can you name names?  That's a potentially very large list.

Would it be worth combining this with a numeric qualifier?  Say, desktop products that produce more than 10 disclosures a year? (pulling that number out of the air)



> 2.  Nice to have
>    *   ZDI
>    *   Exploit-DB
>    *   MSVR - Microsoft Vulnerability Research Advisories
>    *   iDefense
>    *   cisco-sa-xxxxxxxx-xxx (Cisco Security Advisories)
>    *   Htxxxx (Apple)
>    *   VMSA (Vmware Security Advisories)
>    *   CNVD (China National Vulnerability Database)
>    *   Metasploit Module Ids

Some of these are behind pay-walls, no?

CVE charter is to provide ids for "publicly available" vulnerabilities.  

I don't consider things behind pay-walls as publicly available.  My mind could be changed on that but it would need to be a good argument.



-Dave
==================================================================
David Mann | Principal Infosec Scientist | The MITRE Corporation
------------------------------------------------------------------
e-mail:damann@mitre.org | cell:781.424.6003
==================================================================

Follow-Ups:
- Re: Update Disclosure Sources List - Please Vote!
  - From: Art Manion <amanion@cert.org>
- RE: Update Disclosure Sources List - Please Vote!
  - From: "Steven M. Christey" <coley@rcf-smtp.mitre.org>

References:
- Update Disclosure Sources List - Please Vote!
  - From: "Mann, Dave" <damann@mitre.org>
- Re: Update Disclosure Sources List - Please Vote!
  - From: <Kent_Landfield@McAfee.com>

Prev by Date: MITRE participation in "The Future of Global Vulnerability Reporting" track at NIST ITSAC
Next by Date: CVE Must-Have Coverage
Prev by thread: Re: Update Disclosure Sources List - Please Vote!
Next by thread: Re: Update Disclosure Sources List - Please Vote!
Index(es):
- Date
- Thread