[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sources: Full and Partial Coverage

On Mon, 25 Jun 2012, Art Manion wrote:

: Do we really need to restrict the list of sources too heavily?  I'll 
: guess that Secunia and other places doesn't do all this monitoring by 
: hand...?

We're fairly ghetto, but OSVDB does a *lot* of source monitoring by hand.

: 5. Have set searches for phrases that indicate important vulnerabilities 
: ("overflow", "XSS", etc).

Steve Christey has contributed heavily to mine, but I have a parsing 
script that I throw at any changelog to pull out interesting keywords. 
I've been using this for over 5 years now, and it is the source of a LOT 
of OSVDB entries that range in severity from 'unknown' to CVSS 7+, a 
majority of which do not have CVE identifiers.

Page Last Updated or Reviewed: November 06, 2012