[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Sources: Full and Partial Coverage

On Thu, 17 May 2012, Booth, Harold wrote:

: > What you propose should be looked at for a weighting system on how CVE prioritizes data
: > obtained from the sources they are looking at. If we establish they should look for
: > vulnerabilities in 50 sources, then the daily grind should also have them create an entry for a
: > Microsoft product before PHPBlogWeNeverHeardof.
: While understand what you trying to say here, I still hold to my 
: previous comments that sources are secondary to products covered. 
: Especially since some products may require looking at multiple sources. 
: I am not all that interested in sources, I am keenly interested in 
: products though.

Right, I understand that desire.

However, if you say "CVE, monitor ProductX", and due to an incomplete list 
of sources being monitored, they end up issuing an ID for only 70% of the 
vulnerabilities disclosed in ProductX, has that met your need?

Page Last Updated or Reviewed: November 06, 2012