[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE request form is missing an important bit



On Thu, 5 Jan 2017, Andy Balinsky (balinsky) wrote:

: My point is that the year of the CVE shouldn't be a major data item, 
and 
: it shouldn't matter much if the year is 2016 or 2017 for a December 
: vuln.

"Shouldn't matter", yet every company that uses the CVE data set to 
generate statistics rely on that to count by year, even if the 
vulnerability was disclosed a year prior to the ID (e.g. disclosed in 
2015, received a 2016 ID).

This is a simple fact, and a majority of the 'statistics' we see 
surrounding vulnerabilities are impacted by this.

.b


Page Last Updated or Reviewed: January 09, 2017