[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200209112314.TAA18339@linus.mitre.org>
From: coley at linus.mitre.org (Steven M. Christey)
Subject: Re: IMPORTANT SECURITY ADVISORY PLEASE READ!
For a non-comprehensive list of actual vague advisories, see:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=cd:vague
Interestingly, vague advisories come from all types of developers, not
just the one or two most obvious vendors.
For some discussions on the impact of vague vendor advisories on CVE
(and on other vulnerability information sources), see the thread
beginning at:
http://cve.mitre.org/board/archives/2002-02/msg00008.html
Currently, CVE only tracks vague announcements from vendors, but it
may become important to track announcements from researchers who
follow a "grace period" in which they announce the existence of some
vulnerability, but delay releasing full details for some period of
time.
- Steve
Powered by blists - more mailing lists