
Re: CVE Must-Have Coverage

[resending because of bounce]

On Thu, 13 Oct 2011, Andrew Balinsky wrote:

> Also, perhaps something to track things zero day-ish - things that aren't reported to vendors:
> http://www.exploit-db.com or similar.

FYI, we currently monitor Exploit-DB since it is a good source of raw 
zero-day-ish information, but it covers mostly low-interest "php-Golf" 
disclosures and sometimes publishes advisories that prove to be incorrect 
(not that there's anything wrong with that, it comes with the territory.) 
As a result, we do not have very high coverage of this source, and things 
are only given high priority if an exploit-db entry seems to be related to 
a high-priority product.  I suspect that the presence of exploit-DB (and 
milw0rm before it) has probably contributed more to the growing increase
in vuln counts over the years than anything else.

- Steve

Page Last Updated or Reviewed: November 06, 2012