| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060106201851.GF14895@sivokote.iziade.m$> Date: Fri Jan 6 20:19:14 2006 From: guninski at guninski.com (Georgi Guninski) Subject: Open Letter on the Interpretation of "Vulnerability Statistics" On Fri, Jan 06, 2006 at 02:53:56PM -0500, Steven M. Christey wrote: > According to the definitions proposed by Brian Martin of OSVDB, CVE is in > fact a database - HOWEVER it is a highly specialized one intended for > correlation and comparison across multiple tools and products. That said, > 90% of its consumers do not use it for that reason. The FAQ should > probably be rephrased a bit. > hahahahahaha, "a responsibility rfc government funded expert" wrote. http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/008386.html >>So you are collecting 0days for free, put them in a lame database and >>whine more than a script kiddie this is a hard job? >I don't view it that way. > >1) CVE is not a vulnerability database, per the FAQ on the CVE web > site at http://cve.mitre.org/about/faq.html#A7 (though we are not > blind to the fact that some people try to use it as a database > anyways). -- where do you want bill gates to go today? junk:
Powered by blists - more mailing lists