[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Sources: Full and Partial Coverage
- To: Adam Shostack <adam@homeport.org>
- Subject: Re: Sources: Full and Partial Coverage
- From: security curmudgeon <jericho@attrition.org>
- Date: Tue, 12 Jun 2012 12:49:37 -0500
- CC: cve-editorial-board-list <cve-editorial-board-list@LISTS.MITRE.ORG>
- Delivery-Date: Tue Jun 12 13:50:53 2012
- In-Reply-To: <20120612155137.GA10516@homeport.org>
- List-Help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-Owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-Subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-Unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <2F43C4D2BE8AD24C8AC17D8C64B379B316E94C@IMCMBX01.MITRE.ORG> <CBD696D8.32CFA%kent_landfield@mcafee.com> <2F43C4D2BE8AD24C8AC17D8C64B379B3172CB9@IMCMBX01.MITRE.ORG> <D7A0423E5E193F40BE6E94126930C4930B994ABB80@MBCLUSTER.xchange.nist.gov> <20120518104737.GT9865@MacGaus.cisco.com> <alpine.LNX.2.00.1205181251230.11561@forced.attrition.org> <20120521133539.GD9865@MacGaus.cisco.com> <20120611160702.GC29160@homeport.org> <20120612103815.GK576@MacGaus.cisco.com> <20120612155137.GA10516@homeport.org>
- Sender: <owner-cve-editorial-board-list@LISTS.MITRE.ORG>
- User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)
On Tue, 12 Jun 2012, Adam Shostack wrote: : Hi Gaus, : : I don't see this as a justification for a product-centered view. If : Shiny has 10 vulns, and only one has made an exploit kit, I have no use : for the other 9 cves. So it's an argument against a purely : product-centered view. You mean, only one has made an exploit kit today. If the vendor is big and widely deployed, you can expect another of those 10 to be added to subsequent exploit kits. Or perhaps it is in a different kit that hasn't been detected yet. Is it easier to add all 10 at once, or 1 now and then go back and cherry pick them to add based on perceived importance at a later date?
- References:
- Re: Sources: Full and Partial Coverage
- From: Adam Shostack <adam@homeport.org>
- Re: Sources: Full and Partial Coverage
- From: Damir Rajnovic <gaus@cisco.com>
- Re: Sources: Full and Partial Coverage
- From: Adam Shostack <adam@homeport.org>
- Re: Sources: Full and Partial Coverage
- Prev by Date: Re: Sources: Full and Partial Coverage
- Next by Date: RE: Sources: Full and Partial Coverage
- Prev by thread: Re: Sources: Full and Partial Coverage
- Next by thread: Re: Sources: Full and Partial Coverage
- Index(es):
