Open Source and information security mailing list archives
 
Message-ID: <200212060308.WAA09074@linus.mitre.org>
From: coley at linus.mitre.org (Steven M. Christey)
Subject: Re: [Poor-Disclosure]

The core problem we face in CVE is inaccurate and incomplete
information.  Indeed, in some cases we have had to codify what to do
when there is insufficient information.  We regularly notice important
inconsistencies between different vulnerability reports - assuming, of
course, we can even be certain they are talking about the same
vulnerability.  The highest quality information I see comes from
coordination between the researcher and the vendor, with independent
and well-written advisories from both parties to give different
perspectives of the same problem.  Of course, there are many reasons
why this does not always happen.

A most interesting commentary throughout.

- Steve
