|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Sources: Full and Partial Coverage
- To: "Booth, Harold" <harold.booth@nist.gov>
- Subject: RE: Sources: Full and Partial Coverage
- From: security curmudgeon <jericho@attrition.org>
- Date: Thu, 17 May 2012 14:56:58 -0500
- CC: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-Date: Thu May 17 15:58:58 2012
- In-Reply-To: <D7A0423E5E193F40BE6E94126930C4930B994ABBE7@MBCLUSTER.xchange.nist.gov>
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <2F43C4D2BE8AD24C8AC17D8C64B379B316E94C@IMCMBX01.MITRE.ORG> <CBD696D8.32CFA%kent_landfield@mcafee.com> <2F43C4D2BE8AD24C8AC17D8C64B379B3172CB9@IMCMBX01.MITRE.ORG> <D7A0423E5E193F40BE6E94126930C4930B994ABB80@MBCLUSTER.xchange.nist.gov> <alpine.LNX.2.00.1205171424131.11561@forced.attrition.org> <D7A0423E5E193F40BE6E94126930C4930B994ABBE7@MBCLUSTER.xchange.nist.gov>
- Sender: <owner-cve-editorial-board-list@LISTS.MITRE.ORG>
- User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)
On Thu, 17 May 2012, Booth, Harold wrote: : > What you propose should be looked at for a weighting system on how CVE prioritizes data : > obtained from the sources they are looking at. If we establish they should look for : > vulnerabilities in 50 sources, then the daily grind should also have them create an entry for a : > Microsoft product before PHPBlogWeNeverHeardof. : : While understand what you trying to say here, I still hold to my : previous comments that sources are secondary to products covered. : Especially since some products may require looking at multiple sources. : I am not all that interested in sources, I am keenly interested in : products though. Right, I understand that desire. However, if you say "CVE, monitor ProductX", and due to an incomplete list of sources being monitored, they end up issuing an ID for only 70% of the vulnerabilities disclosed in ProductX, has that met your need?
- Follow-Ups:
- RE: Sources: Full and Partial Coverage
- From: "Booth, Harold" <harold.booth@nist.gov>
- RE: Sources: Full and Partial Coverage
- References:
- RE: Sources: Full and Partial Coverage
- From: "Mann, Dave" <damann@mitre.org>
- Re: Sources: Full and Partial Coverage
- From: <Kent_Landfield@McAfee.com>
- RE: Sources: Full and Partial Coverage
- From: "Mann, Dave" <damann@mitre.org>
- RE: Sources: Full and Partial Coverage
- From: "Booth, Harold" <harold.booth@nist.gov>
- RE: Sources: Full and Partial Coverage
- From: security curmudgeon <jericho@attrition.org>
- RE: Sources: Full and Partial Coverage
- From: "Booth, Harold" <harold.booth@nist.gov>
- RE: Sources: Full and Partial Coverage
- Prev by Date: RE: Sources: Full and Partial Coverage
- Next by Date: RE: Sources: Full and Partial Coverage
- Prev by thread: RE: Sources: Full and Partial Coverage
- Next by thread: RE: Sources: Full and Partial Coverage
- Index(es):