|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVE Must-Have Coverage
- To: Andrew Balinsky <balinsky@cisco.com>
- Subject: Re: CVE Must-Have Coverage
- From: "Steven M. Christey" <coley@rcf-smtp.mitre.org>
- Date: Mon, 17 Oct 2011 22:54:00 -0400
- CC: "Mann, Dave" <damann@mitre.org>, cve-editorial-board-list<cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-Date: Mon Oct 17 22:54:18 2011
- In-Reply-To: <424DDA22-0957-4ACF-868F-F317D4809697@cisco.com>
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <3FF9F74E63A7484EB3B88F04329CBEDC04448C426C@IMCMBX1.MITRE.ORG> <424DDA22-0957-4ACF-868F-F317D4809697@cisco.com>
- Sender: <owner-cve-editorial-board-list@LISTS.MITRE.ORG>
[resending because of bounce] On Thu, 13 Oct 2011, Andrew Balinsky wrote: > Also, perhaps something to track things zero day-ish things that aren't reported to vendors: > http://www.exploit-db.com or similar. FYI, we currently monitor Exploit-DB since it is a good source of raw zero-day-ish information, but it covers mostly low-interest "php-Golf" disclosures and sometimes publishes advisories that prove to be incorrect (not that there's anything wrong with that, it comes with the territory.) As a result, we do not have very high coverage of this source, and things are only given high priority if an exploit-db entry seems to be related to a high-priority product. I suspect that the presence of exploit-DB (and milw0rm before it) have probably contributed more to the growing increase in vuln counts over the years than anything else. - Steve
- References:
- CVE Must-Have Coverage
- From: "Mann, Dave" <damann@mitre.org>
- Re: CVE Must-Have Coverage
- From: Andrew Balinsky <balinsky@cisco.com>
- CVE Must-Have Coverage
- Prev by Date: Re: CVE Must-Have Coverage
- Next by Date: RE: Update Disclosure Sources List - Please Vote!
- Prev by thread: Re: CVE Must-Have Coverage
- Next by thread: Re: CVE Must-Have Coverage
- Index(es):