| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200507172011.j6HKBA10023055@linus.mitre.org> Date: Sun Jul 17 21:11:17 2005 From: coley at mitre.org (Steven M. Christey) Subject: RE: Why Vulnerability Databases can't do everything security curmudgeon said: >Consider that we already have government coordination for >vulnerabilities. In fact, did you know we have it half a dozen times >over? > >... > >Little overlap? You bet there is. The CERT, CVE, and ICAT efforts are complementary. CERT deals with large-scale disclosures, major alerts, incident response, and critical infrastructure. The public view of CERT vulnerabilities (the vulnerability notes) is not broad, but it's deep. CVE is the naming standard for everyone to use. It bags and tags vulnerabilities; from a content perspective it is relatively shallow, but broad, and its heaviest analytical focus is on telling apples from apples. ICAT is, loosely, an extension of CVE, by adding the other informational fields that some people want from CVE. US-CERT is a heavy user of both CERT and CVE "products." There is coordination across all these efforts, which each have their own separate focus. There will be greater evidence of that coordination shortly. - Steve
Powered by blists - more mailing lists