[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVE Information Sources & Scope

>editorial-board-list@lists.mitre.org] On Behalf Of Williams, James K
>Good points, Art.  In particular, quicker issuance of CVE identifiers would be

I triple promise that we're going to have the speed of issuance discussion.   Promise.

>As far as monitoring of twitter and blogs goes, we also need to consider
>* pastebin,
>* smaller vendor bugtracking systems (I find vulns every week, in widely
>used software, that never makes it to BugTraq, Secunia, or CVE),
>* discussion forums (in a variety of languages, and many require
>* reddit,
>* IRC,
>* and whatever other communication/dissemination mediums become
>popular (again) next month.
>When expanding monitoring of these types of sources, extensive
>automation is necessary.

James, could you talk more about automation techniques for monitoring these sources?

David Mann | Principal Infosec Scientist | The MITRE Corporation
e-mail:damann@mitre.org | cell:781.424.6003

Page Last Updated or Reviewed: November 06, 2012