lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri Jan  6 20:19:14 2006
From: guninski at guninski.com (Georgi Guninski)
Subject: Open Letter on the Interpretation of
	"Vulnerability Statistics"

On Fri, Jan 06, 2006 at 02:53:56PM -0500, Steven M. Christey wrote:
> According to the definitions proposed by Brian Martin of OSVDB, CVE is in
> fact a database - HOWEVER it is a highly specialized one intended for
> correlation and comparison across multiple tools and products.  That said,
> 90% of its consumers do not use it for that reason.  The FAQ should
> probably be rephrased a bit.
>

hahahahahaha, "a responsibility rfc government funded
expert" wrote.

http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/008386.html
>>So you are collecting 0days for free, put them in a lame database and
>>whine more than a script kiddie this is a hard job?

>I don't view it that way.
>
>1) CVE is not a vulnerability database, per the FAQ on the CVE web
>   site at http://cve.mitre.org/about/faq.html#A7 (though we are not
>   blind to the fact that some people try to use it as a database
>   anyways).

-- 
where do you want bill gates to go today? 













































junk:

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ